|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Sql injection in Xoops
From: Omid (omid
hackers.ir)
Date: Fri Aug 25 2006 - 16:19:29 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
There is a sql injection in Xoops 2.0.14 (and maybe before versions) .
One of the user inputs, is used in the sql query without proper checking :
File /edituser.php, Line 347 :
:: if (!empty($_POST['user_avatar'])) {
>> $user_avatar = trim($_POST['user_avatar']);
:: $criteria_avatar = new CriteriaCompo(new Criteria('avatar_file', $user_avatar));
:: $criteria_avatar->add(new Criteria('avatar_type', "S"));
:: $avatars =& $avt_handler->getObjects($criteria_avatar);
:: if (!is_array($avatars) || !count($avatars)) {
:: $user_avatar = 'blank.gif';
:: }
The bug can be critical, so no more info .
You can upgrade to 2.0.15 .
Also, a simple solution is to change line 348 of /edituser.php, to :
$user_avatar = addslashes(trim($_POST['user_avatar']));
The original advisory (in Persian), is located at :
http://www.hackers.ir/advisories/xoops.html
- Omid
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]