Date: 11 Dec 2005 12:29:17 -0000
From: polnby@...oo.com
To: bugtraq@...urityfocus.com
Subject: Re: Re: [KAPDA::#16] - SMF SQL Injection

Take a better look at your 'Memberlist.php' source code.

	// Select the members from the database.
	$request = db_query("
		SELECT mem.ID_MEMBER
		FROM {$db_prefix}members AS mem
			LEFT JOIN {$db_prefix}log_online AS lo ON (lo.ID_MEMBER = mem.ID_MEMBER)
			LEFT JOIN {$db_prefix}membergroups AS mg ON (mg.ID_GROUP = IF(mem.ID_GROUP = 0, mem.ID_POST_GROUP, mem.ID_GROUP))
		WHERE mem.is_activated = 1
		ORDER BY " . $sort_methods[$_REQUEST['sort']][$context['sort_direction']] . "
		LIMIT $_REQUEST[start], $modSettings[defaultMaxMembers]", __FILE__, __LINE__);
	printMemberListRows($request);
	mysql_free_result($request);

----------------------

	// Find the members from the database.
	// !!!SLOW This query is slow.
	$request = db_query("
		SELECT mem.ID_MEMBER
		FROM {$db_prefix}members AS mem
			LEFT JOIN {$db_prefix}log_online AS lo ON (lo.ID_MEMBER = mem.ID_MEMBER)
			LEFT JOIN {$db_prefix}membergroups AS mg ON (mg.ID_GROUP = IF(mem.ID_GROUP = 0, mem.ID_POST_GROUP, mem.ID_GROUP))
		WHERE " . implode(" $query OR ", $fields) . " $query$condition
			AND is_activated = 1
		LIMIT $_REQUEST[start], $modSettings[defaultMaxMembers]", __FILE__, __LINE__);
	printMemberListRows($request);
	mysql_free_result($request);

----------------------

Isn't it possible for an attacker to modify the query logic?
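
An added example, not part of the original post and not SMF's own code: one way to keep the two request values visible in the quoted queries, $_REQUEST['sort'] and $_REQUEST[start], from reaching the SQL text unvalidated. The helper names, the sample $sort_methods entries and the offset cap are assumptions, and it presumes no earlier code has already normalized these values.

```php
<?php
// Added example (hypothetical helper names; not SMF's code).
// Assumption: $sort_methods maps a sort key to ['up' => ..., 'down' => ...]
// ORDER BY fragments, as the indexing in the quoted query suggests.

/** Return an ORDER BY fragment taken only from the allow-list. */
function pick_order_by(array $sort_methods, $sort, $direction, string $default): string
{
    // Only a string that is an exact key of the allow-list is accepted;
    // arrays (sort[]=x) and unknown keys fall back to the default key.
    if (!is_string($sort) || !array_key_exists($sort, $sort_methods)) {
        $sort = $default;
    }
    $direction = ($direction === 'down') ? 'down' : 'up';
    return $sort_methods[$sort][$direction];
}

/** Coerce a request value to an integer offset in [0, $max]. */
function clean_offset($value, int $max = 1000000): int
{
    // ctype_digit() accepts only non-empty strings made of 0-9, so signs,
    // spaces, trailing text and array values all fall back to 0.
    if (!is_string($value) || !ctype_digit($value)) {
        return 0;
    }
    return min((int) $value, $max);
}

// Constructed sample data, not taken from the post.
$sort_methods = [
    'realName' => ['up' => 'mem.realName ASC', 'down' => 'mem.realName DESC'],
    'posts'    => ['up' => 'mem.posts ASC',    'down' => 'mem.posts DESC'],
];
$samples = [
    ['sort' => 'posts', 'dir' => 'down', 'start' => '30'],     // well-formed
    ['sort' => 'nope',  'dir' => 'x',    'start' => '10 abc'], // unknown key, non-numeric offset
    ['sort' => ['a'],   'dir' => 'up',   'start' => '-5'],     // array value, signed offset
];
foreach ($samples as $r) {
    $order = pick_order_by($sort_methods, $r['sort'], $r['dir'], 'realName');
    $start = clean_offset($r['start']);
    // Only allow-listed text and an integer are interpolated here.
    echo "ORDER BY $order LIMIT $start, 30\n";
}
```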