Full Disclosure mailing list archives
Re: phpWebSite 0.10.1 Full SQL Injection
From: Kevin Wilcox <kevin () tux appstate edu>
Date: Wed, 17 Aug 2005 10:02:29 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 h4cky0u wrote: <snip details>
VENDOR STATUS: =============== The vendors were contacted but no response received.
As one of the core developers I would like to say two things. First - thank you for finding and reporting this bug. We have yet to be able to do anything useful with it, i.e., select from or insert into any db tables, but it is definitely a bug that needs patching and that you were able to find it and report it is the beauty of OSS. Secondly - this bug was *never* reported directly to the phpWebsite development team. It was posted (publicly) to the bug list on sourceforge but, despite phone/fax numbers, mailing addresses and email addresses being readily available (one click away on http://phpwebsite.appstate.edu, the homepage of the project), no direct contact was ever attempted with the core development team. A minor release, 0.10.2, is to be released today which incorporates this and other bug fixes. Kevin Wilcox -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDA0Nt7XWNuvsOTiYRAkeDAKC5derCJqcTTgHLkjVn6a8xN/EVKgCgwETz ZPi8nxxQMeuj/hbkLRNEoG4= =W2hD -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- phpWebSite 0.10.1 Full SQL Injection h4cky0u (Aug 16)
- Re: phpWebSite 0.10.1 Full SQL Injection Kevin Wilcox (Aug 17)
- Re: phpWebSite 0.10.1 Full SQL Injection h4cky0u (Aug 17)
- Re: phpWebSite 0.10.1 Full SQL Injection Kevin Wilcox (Aug 17)