| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Aug 17 15:18:54 2005 From: kevin at tux.appstate.edu (Kevin Wilcox) Subject: phpWebSite 0.10.1 Full SQL Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 h4cky0u wrote: <snip details> > VENDOR STATUS: > =============== > The vendors were contacted but no response received. As one of the core developers I would like to say two things. First - thank you for finding and reporting this bug. We have yet to be able to do anything useful with it, i.e., select from or insert into any db tables, but it is definitely a bug that needs patching and that you were able to find it and report it is the beauty of OSS. Secondly - this bug was *never* reported directly to the phpWebsite development team. It was posted (publicly) to the bug list on sourceforge but, despite phone/fax numbers, mailing addresses and email addresses being readily available (one click away on http://phpwebsite.appstate.edu, the homepage of the project), no direct contact was ever attempted with the core development team. A minor release, 0.10.2, is to be released today which incorporates this and other bug fixes. Kevin Wilcox -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDA0Nt7XWNuvsOTiYRAkeDAKC5derCJqcTTgHLkjVn6a8xN/EVKgCgwETz ZPi8nxxQMeuj/hbkLRNEoG4= =W2hD -----END PGP SIGNATURE-----
Powered by blists - more mailing lists