FUDforum: Bug Reports

Home » FUDforum Development » Bug Reports » Icon bug.

Show: Today's Messages :: Polls :: Message Navigator

Re: SQL buggy. [message #13947 is a reply to message #13945]

Sat, 01 November 2003 18:19

Xodnizel

Messages: 73
Registered: May 2003

Karma:

Member

Another SQL injection vulnerability in the upload feature:

If you upload a file as an attachment, save the page, and manipulate the value of the "file_array" element(make a new array, serialize, base 64 encode), you can insert an unescaped statement at the end of another SQL statement.

Example file_array element setting:

YToxOntpOjI1O3M6MTI6IjE7KTAwJ2wnbCcoIiI7fQ==

Will should cause an error to be entered in the fudforum error log, which you can see to verify the problem exists.

Report message to a moderator

[Message index]

		Icon bug. By: Xodnizel on Sat, 01 November 2003 05:49
		Re: Icon bug. By: Xodnizel on Sat, 01 November 2003 05:55
		Re: Icon bug. By: Ilia on Sat, 01 November 2003 19:01
		Re: Icon bug. By: Xodnizel on Sat, 01 November 2003 19:07
	" alt="icon10.gif">" />	Re: Icon bug. By: Xodnizel on Sat, 01 November 2003 19:08
		Re: Icon bug. By: Xodnizel on Sat, 01 November 2003 06:12
		SQL buggy. By: Xodnizel on Sat, 01 November 2003 17:35
		Re: SQL buggy. By: Xodnizel on Sat, 01 November 2003 18:19
		Re: SQL buggy. By: Ilia on Sat, 01 November 2003 20:07
		Re: SQL buggy. By: Ilia on Sat, 01 November 2003 19:05
		Re: Icon bug. By: AzaToth on Sat, 01 November 2003 18:22
		Re: Icon bug. By: Ilia on Sat, 01 November 2003 19:14
		Re: Icon bug. By: Xodnizel on Sat, 01 November 2003 20:51
		Re: Icon bug. By: Ilia on Sat, 01 November 2003 20:59

Previous Topic:	Cant login!!
Next Topic:	Broken Links with pathinfo 2.6.0RC2

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Thu Nov 07 21:40:48 GMT 2024

Total time taken to generate the page: 0.05587 seconds