Full Disclosure mailing list archives
Re: Pligg 9.9.0 editlink.php SQL Injection Vulnerability
From: lists <lists () keamera org>
Date: Tue, 08 Apr 2008 23:10:37 +0200
While writing a little patch I found many other problems: variables are simply not checked or checked in the very wrong way

- This is the case of my previous mail, editlink.php:

    if(isset($_GET['id'])){
        $theid = strip_tags($_GET['id']);
    }
    if(isset($_POST['id'])){
        $theid = strip_tags($_POST['id']);
    }
    [...]
    $link = $db->get_row("SELECT link_id, link_author FROM " . table_links . " WHERE link_id=".$theid.";")
    [...]
    $linkres->id=$link_id = strip_tags($_POST['id']);
    $linkres->read();

  libs/link.php:

    function read($usecache = TRUE) {
        $id = $this->id;
        $link = $db->get_row("SELECT " . table_links . ".* FROM " . table_links . " WHERE link_id = $id");
    }

- Another one, vote.php:

    $link->id=$_POST['id'];
    $link->read_basic();

  link/link.php:

    $id = $this->id;
    $db->get_row("SELECT link_comments, link_author, link_status, link_randkey, link_category, link_date, link_votes, link_karma, link_published_date FROM " . table_links . " WHERE link_id = $id")

..and so on.
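The pattern quoted in the message, set beside a checked version, as an added example that is not part of the original post and is not Pligg code. It assumes PDO with an in-memory SQLite database in place of Pligg's `$db` wrapper; the `links` table, its rows, and the function names `read_link_concat` and `read_link_checked` are constructed for illustration.

```php
<?php
// Added example, not Pligg code. Table layout and rows are constructed;
// PDO with in-memory SQLite stands in for Pligg's $db wrapper (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE links (link_id INTEGER PRIMARY KEY, link_author INTEGER)');
$pdo->exec('INSERT INTO links VALUES (1, 10), (2, 20), (3, 30)');

// Pattern from the mail: strip_tags() followed by string concatenation.
function read_link_concat(PDO $pdo, string $raw): array
{
    $theid = strip_tags($raw); // removes markup only; SQL syntax passes through
    $sql = 'SELECT link_id, link_author FROM links WHERE link_id=' . $theid;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: accept only a positive integer, then bind it as a parameter
// so the value can never become part of the SQL text.
function read_link_checked(PDO $pdo, string $raw): array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT link_id, link_author FROM links WHERE link_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$constructed = '2 OR 1=1'; // constructed non-numeric input for the id parameter

// strip_tags() has nothing to remove here, so the condition reaches the query.
var_dump(strip_tags($constructed) === $constructed);
echo count(read_link_concat($pdo, $constructed)), " row(s) from the concatenated query\n";

// The checked version answers a numeric id and refuses everything else.
echo count(read_link_checked($pdo, '2')), " row(s) from the checked query\n";
try {
    read_link_checked($pdo, $constructed);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The same check belongs wherever `$this->id` is assigned from request data, since `read()` and `read_basic()` as quoted interpolate it without further validation.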