lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <004d01c2433d$b605e1a0$e62d1c41@kc.rr.com>
From: mattmurphy at kc.rr.com (Matthew Murphy)
Subject: L-Forum Vulnerability - SQL Injection

I have discovered an SQL injection flaw in L-Forum which has
a recent record (upload spoofing/XSS by Ulf) of security bugs.

The problem this time is search.php.  It doesn't properly escape
the SQL data passed in by the user in the search member.  I
have provided a SourceForge patch for this vulnerability.  I
have shown URLs that exploit this:

Postgres:

http://localhost/search.php?search=a%27%20order%20by%20time%20desc%3b%20[que
ry]

MySQL:

http://localhost/search.php?search=a%25%27%20order%20by%20time%20desc%3b%20[
query]

I've patched this on SourceForge:

http://sourceforge.net/tracker/download.php?group_id=53716&atid=471341&file_
id=29026&aid=594867

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ