Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: phpWebSite 0.10.1 Full SQL Injection

From: Kevin Wilcox <kevin () tux appstate edu>
Date: Wed, 17 Aug 2005 10:02:29 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

h4cky0u wrote:

<snip details>


VENDOR STATUS:
===============
The vendors were contacted but no response received.


As one of the core developers I would like to say two things.

First - thank you for finding and reporting this bug. We have yet to be
able to do anything useful with it, i.e., select from or insert into any
db tables, but it is definitely a bug that needs patching and that you
were able to find it and report it is the beauty of OSS.

Secondly - this bug was *never* reported directly to the phpWebsite
development team. It was posted (publicly) to the bug list on
sourceforge but, despite phone/fax numbers, mailing addresses and email
addresses being readily available (one click away on
http://phpwebsite.appstate.edu, the homepage of the project), no direct
contact was ever attempted with the core development team.

A minor release, 0.10.2, is to be released today which incorporates this
and other bug fixes.

Kevin Wilcox
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDA0Nt7XWNuvsOTiYRAkeDAKC5derCJqcTTgHLkjVn6a8xN/EVKgCgwETz
ZPi8nxxQMeuj/hbkLRNEoG4=
=W2hD
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: