Full Disclosure mailing list archives
Re: phpWebSite 0.10.1 Full SQL Injection
From: h4cky0u <h4cky0u.org () gmail com>
Date: Wed, 17 Aug 2005 20:37:45 +0530
Hi Kevin, As you can see the whole issue was found and researched by a member(matrix_kller) at the h4cky0u.org site, i was told that the vendors had been notified and that he had never heard back from them. If that is not true then i apologise on his behalf. Anyways i would be looking forward for a more secure release of your script. Thanks. On 8/17/05, Kevin Wilcox <kevin () tux appstate edu> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 h4cky0u wrote: <snip details>VENDOR STATUS: =============== The vendors were contacted but no response received.As one of the core developers I would like to say two things. First - thank you for finding and reporting this bug. We have yet to be able to do anything useful with it, i.e., select from or insert into any db tables, but it is definitely a bug that needs patching and that you were able to find it and report it is the beauty of OSS. Secondly - this bug was *never* reported directly to the phpWebsite development team. It was posted (publicly) to the bug list on sourceforge but, despite phone/fax numbers, mailing addresses and email addresses being readily available (one click away on http://phpwebsite.appstate.edu, the homepage of the project), no direct contact was ever attempted with the core development team. A minor release, 0.10.2, is to be released today which incorporates this and other bug fixes. Kevin Wilcox -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDA0Nt7XWNuvsOTiYRAkeDAKC5derCJqcTTgHLkjVn6a8xN/EVKgCgwETz ZPi8nxxQMeuj/hbkLRNEoG4= =W2hD -----END PGP SIGNATURE-----
-- http://www.h4cky0u.org (In)Security at its best... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- phpWebSite 0.10.1 Full SQL Injection h4cky0u (Aug 16)
- Re: phpWebSite 0.10.1 Full SQL Injection Kevin Wilcox (Aug 17)
- Re: phpWebSite 0.10.1 Full SQL Injection h4cky0u (Aug 17)
- Re: phpWebSite 0.10.1 Full SQL Injection Kevin Wilcox (Aug 17)