FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Re: SQL buggy. [message #13947 is a reply to message #13945] Sat, 01 November 2003 18:19
Xodnizel   United States
Messages: 73
Registered: May 2003
Member
Another SQL injection vulnerability in the upload feature:

If you upload a file as an attachment, save the page, and manipulate the value of the "file_array" element (make a new array, serialize, base64 encode), you can insert an unescaped statement at the end of another SQL statement.

Example file_array element setting:

YToxOntpOjI1O3M6MTI6IjE7KTAwJ2wnbCcoIiI7fQ==

This should cause an error to be entered in the FUDforum error log, which you can see to verify the problem exists.
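The report above describes a hidden form field holding a serialized, base64-encoded array that the server trusts on the way back in. As an added example (not part of the original post and not FUDforum's own code), here is one way to harden such a field: authenticate it with an HMAC, decode it as JSON rather than with `unserialize()`, accept only positive integers, and bind the values as query parameters. The function names, the `attachments` table and the key constant are assumptions made for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not FUDforum code.
// Server-side secret, never sent to the client (constructed placeholder).
const FIELD_KEY = 'replace-with-random-per-install-secret';

// Pack attachment ids into a hidden-field value: base64(JSON) + "." + HMAC tag.
function pack_file_array(array $ids): string
{
    $payload = base64_encode(json_encode(array_values(array_map('intval', $ids))));
    return $payload . '.' . hash_hmac('sha256', $payload, FIELD_KEY);
}

// Return the id list, or null when the field was altered or is malformed.
function unpack_file_array(string $field): ?array
{
    $parts = explode('.', $field, 2);
    if (count($parts) !== 2) {
        return null;                       // no tag at all
    }
    [$payload, $tag] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, FIELD_KEY), $tag)) {
        return null;                       // tampered or forged
    }
    $raw = base64_decode($payload, true);  // strict alphabet check
    $ids = ($raw === false) ? null : json_decode($raw, true);
    if (!is_array($ids)) {
        return null;
    }
    foreach ($ids as $id) {
        if (!is_int($id) || $id < 1) {
            return null;                   // only positive integer ids allowed
        }
    }
    return $ids;
}

// Build a parameterized statement; values are bound, never concatenated.
function attachment_query(array $ids): array
{
    if ($ids === []) {
        return ['SELECT id FROM attachments WHERE 1 = 0', []];
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    return ["SELECT id FROM attachments WHERE id IN ($marks)", $ids];
}

// Round trip with constructed ids, then the untagged value quoted in the post.
var_dump(unpack_file_array(pack_file_array([3, 7])));
var_dump(unpack_file_array('YToxOntpOjI1O3M6MTI6IjE7KTAwJ2wnbCcoIiI7fQ=='));
```

The pair returned by `attachment_query()` is meant to be passed to a prepared statement, for example PDO's `prepare()` followed by `execute()`.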