|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: ATutor 1.5.3 Cross Site Scripting
From: Steven M. Christey (coley
mitre.org)
Date: Fri Jul 21 2006 - 17:00:01 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>The mentioned SQL injection vulnerability is not possible. Please
>remove it.
Could you explain this further?
In 1.5.3, edit_forum() in forums.inc.php has the following:
$sql = "UPDATE ".TABLE_PREFIX."forums SET title='$_POST[title]', description='$_POST[body]' WHERE forum_id=$_POST[fid]";
$result = mysql_query($sql,$db);
where is appears that $_POST[fid] is directly inserted into the SQL
query.
In 1.5.3.1, a new statement has been added to the same function, just
before the two statements above:
$_POST['fid'] = intval($_POST['fid']);
This looks like cleansing that would be relevant for SQL injection.
For those who were wondering, both $_POST['title'] and $_POST['body']
are re-set using addslashes:
$_POST['title'] = $addslashes($_POST['title']);
$_POST['body'] = $addslashes($_POST['body']);
- Steve
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]