lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <5a5853266c80df8210a406eb67d5f30c.hackers@hackers.ir>
Date: Sun, 04 Feb 2007 20:38:45 +0330
From: "Omid" <omid@...kers.ir>
To: <bugtraq@...urityfocus.com>
Subject: Sql injection bugs in Xoops 2.0.16 + Weblinks module

Hi,

These bugs were published in full-disclosure about 2 weeks ago (CVE-2007-0377).

There is a sql injection bug in Xoops 2.0.16 core (and maybe other versions) in
admin section:

The 'id' parameter in "get()" function is not checked against sql injections :

File kernel/group.php, Line 94 :
::     function &get($id)
::     {
::         $group = false;
::     	if (intval($id) > 0) {
**             $sql = 'SELECT * FROM '.$this->db->prefix('groups').' WHERE groupid='.$id;

This one doesnt seem to be critical .


In "Weblinks" module :

The 'lid' parameter in "deleteByLid()" function is not
checked against sql injections :

File class/table_broken.php, Line 58 :
:: function deleteByLid($lid)
:: {
** 	$sql = "DELETE FROM $this->table WHERE lid=$lid";
:: 	return  $this->query_false($sql);
:: }

Also 3 other sql injections exist which can be exploitable and are not
discribed here . The new version is not released yet .

The original advisory (in Persian) is located at :
http://www.hackers.ir/advisories/festival.txt


- Omid

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ