OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Matthew Murphy (mattmurphy_at_kc.rr.com)
Date: Tue Aug 13 2002 - 21:53:04 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I have discovered an SQL injection flaw in L-Forum which has
    a recent record (upload spoofing/XSS by Ulf) of security bugs.

    The problem this time is search.php. It doesn't properly escape
    the SQL data passed in by the user in the search member. I
    have provided a SourceForge patch for this vulnerability. I
    have shown URLs that exploit this:

    Postgres:

    http://localhost/search.php?search=a%27%20order%20by%20time%20desc%3b%20[que
    ry]

    MySQL:

    http://localhost/search.php?search=a%25%27%20order%20by%20time%20desc%3b%20[
    query]

    I've patched this on SourceForge:

    http://sourceforge.net/tracker/download.php?group_id=53716&atid=471341&file_
    id=29026&aid=594867

    "The reason the mainstream is thought
    of as a stream is because it is
    so shallow."
                         - Author Unknown