lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20051203005013.6349.qmail@securityfocus.com>
Date: 3 Dec 2005 00:50:13 -0000
From: xer0x.west@...il.com
To: bugtraq@...urityfocus.com
Subject: PHP-Fusion v6.00.109 SQL Injection and Info. Disclosure


In the latest version of PHP-Fusion, the content management system by Digitanium (php-fusion.co.uk), there is an SQL Error in messages.php that reveals path names and a table name, and someone could possibly manipulate the SQL database.
The error is as follows, it is with the Search and Sort option:
/messages.php?folder=inbox&srch_text=a&srch_type=blehblahbleh&sort_type=blahblehblah&srch_submit=Search%20/%20Sort
The query above will give the following error (or something to the effect):


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIKE 'a'' at line 1
Warning: mysql_result(): supplied argument is not a valid MySQL result resource in c:\WWW\removed\data\maincore.php on line 111
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIKE 'a'' at line 1You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIKE 'a' ORDER BY message_read, LIMIT 0,20' at line 1
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\WWW\removed\data\maincore.php on line 116
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIKE 'a' ORDER BY message_read, LIMIT 0,20' at line 1

The error could be used to obtain classified information about the database and the system, and is definitely manipulable.

-Nolan West (CNS Chemist)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ