Date: 29 May 2003 22:17:10 -0000
From: JeiAr <jeiar@...ms.com>
To: bugtraq@...urityfocus.com
Subject: PAFileDB SQL Injection Vulnerability & Ratings Cheat Fix




I recently found out that someone I knew was running this vuln 
application. After informing them it was vuln they were disappointed at 
the fact that they could no longer use the program as the author has not 
supplied a fix. Anyway, here is a quick fix I threw together to take care 
of the problem. Basically it eregs the input to only allow numbers, and 
checks to make sure the number is no greater than 10 and no less than 1.
I also closed off the variable in the SQL query that was allowing the SQL 
injection to be possible. Get the fix here:

http://www.gulftech.org/vuln/pafiledbsqlfix.zip

This should solve any problems encountered until the vendor releases 
an "official" fix or a new version of PaFileDB.


Cheers,

JeiAr


----------------------------------------
GulfTech Computers
http://www.gulftech.org
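The post describes two defensive measures for the ratings handler: restrict the submitted rating to digits in the range 1 to 10, and keep the value from being spliced into the SQL text unquoted. The following is an added example written for this archive page, not the fix distributed by JeiAr or any code from PaFileDB. It assumes hypothetical table and column names (`pafiledb_files`, `rating`, `votes`, `id`), uses `preg_match` where the post uses `ereg` (removed in PHP 7), and uses a PDO prepared statement in place of manual quoting. The SQLite in-memory database and the sample requests are constructed for the example.

```php
<?php
// Added example (not PaFileDB's code, not the posted fix): validate a rating
// submission and store it with a parameterized query.
// Table/column names are assumptions for illustration.

declare(strict_types=1);

/**
 * Returns the rating as an int if $raw is a string of digits in 1..10,
 * otherwise null. This mirrors the "digits only, between 1 and 10" check
 * the post describes, using preg_match in place of the old ereg().
 */
function validate_rating(mixed $raw): ?int
{
    if (!is_string($raw) || preg_match('/^[0-9]{1,2}$/', $raw) !== 1) {
        return null;
    }
    $n = (int) $raw;
    return ($n >= 1 && $n <= 10) ? $n : null;
}

/**
 * Returns the file id as a positive int, or null if it is not a plain number.
 */
function validate_id(mixed $raw): ?int
{
    if (!is_string($raw) || preg_match('/^[0-9]{1,9}$/', $raw) !== 1) {
        return null;
    }
    $n = (int) $raw;
    return $n >= 1 ? $n : null;
}

/**
 * Records a vote. Bound parameters keep the values out of the SQL text
 * entirely, which is the robust form of "closing off the variable".
 */
function record_rating(PDO $db, int $fileId, int $rating): void
{
    $stmt = $db->prepare(
        'UPDATE pafiledb_files SET rating = rating + :rating, votes = votes + 1 WHERE id = :id'
    );
    $stmt->execute([':rating' => $rating, ':id' => $fileId]);
}

// Constructed stand-in for the application's database handle.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pafiledb_files (id INTEGER PRIMARY KEY, '
        . 'rating INTEGER NOT NULL DEFAULT 0, votes INTEGER NOT NULL DEFAULT 0)');
$db->exec('INSERT INTO pafiledb_files (id) VALUES (1)');

// Constructed sample requests: one valid, one out of range, one non-numeric.
$samples = [
    ['id' => '1', 'rating' => '7'],
    ['id' => '1', 'rating' => '11'],
    ['id' => '1', 'rating' => 'seven'],
];

foreach ($samples as $req) {
    $id = validate_id($req['id'] ?? null);
    $rating = validate_rating($req['rating'] ?? null);
    if ($id === null || $rating === null) {
        echo 'rejected: ' . json_encode($req) . "\n";
        continue;
    }
    record_rating($db, $id, $rating);
    echo "accepted: file $id rated $rating\n";
}

$row = $db->query('SELECT rating, votes FROM pafiledb_files WHERE id = 1')
          ->fetch(PDO::FETCH_ASSOC);
echo 'stored: ' . json_encode($row) . "\n";
```

Only the first sample reaches the database; the other two are rejected before any query is built. The range check and the prepared statement are independent controls: the regex alone would stop the injection for this parameter, but binding the value also protects any later code path that reuses it.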

