Re: OWL Intranet Engine

["Chris A. Mattingly" <camattin () camattin com>]

Quoting tony () libpcap net:

> I was checking out the advisory, and noticed this clip:
>
>         // Remove this else in a future version
>         else {
>            if ($username == "admin") {
>                 $sql->query("select * from $default->owl_users_table
> where username = '$username' and password = '$password'");
>
> I wonder what would happen if username was admin, and password was:
> ' OR 1=1 AND username = 'admin
>
> Seems like a highly likely candidate for SQL injection.. anyone care to
> give a little insight? Perhaps even test it out using httpush or
> something?

Hopefully sanitation is done on the variables before they're used in a 
statement such as this (or just as, if not more so importantly, with any insert 
or update queries).  But I'm not familiar with this package, so I can't speak 
to whether it's done there or not.