lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 10 May 2005 21:42:17 -0400 (EDT)
From: "Steven M. Christey" <coley@...re.org>
To: dcrab@...kerscenter.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Authentication bypass, sql injections and xss in ArticleLive 2005



Diabolic Crab,

The title and text of this advisory suggest SQL injection, but I don't
see any any clear examples that demonstrate this.

A modified Query parameter to the search function is given, and the
parameter starts with the "'" character - which might *suggest* SQL
injection - but the resulting error message suggests that it's using
the input for some array operations, which could be the fairly common
"bad data type" problem that leads to full path disclosure on PHP
applications.  Indeed there might be other invalid characters that
could trigger the same problem (I don't know; I don't have ArticleLive
available to test).

Could you provide more specific examples or otherwise clarify the
problem?


Thanks,
Steve


Powered by blists - more mailing lists