Vulnerability Development mailing list archives
Re: OWL Intranet Engine
From: "Chris A. Mattingly" <camattin () camattin com>
Date: Mon, 19 May 2003 00:00:29 -0400
Quoting tony () libpcap net:
> I was checking out the advisory, and noticed this clip:
>
>     // Remove this else in a future version
>     else {
>       if ($username == "admin") {
>         $sql->query("select * from $default->owl_users_table where username = '$username' and password = '$password'");
>
> I wonder what would happen if username was admin, and password was:
>
>     ' OR 1=1 AND username = 'admin
>
> Seems like a highly likely candidate for SQL injection.. anyone care to give a little insight? Perhaps even test it out using httpush or something?

Hopefully sanitation is done on the variables before they're used in a statement such as this (or just as, if not more so importantly, with any insert or update queries). But I'm not familiar with this package, so I can't speak to whether it's done there or not.
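
Added example, not part of the original thread and not Owl's own code: a Python/sqlite3 stand-in for the quoted PHP query, comparing how the password value from the quoted message is handled when it is interpolated into the SQL text and when it is passed as a bound parameter. The table name, column names and stored passwords are constructed sample data.

```python
import sqlite3

# Constructed stand-in for the users table; names and values are sample data.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret-sample"), ("guest", "guest-sample")])
    return db

def login_concat(db, username, password):
    """Same shape as the quoted clip: values interpolated into the SQL text."""
    sql = ("select * from users where username = '%s' and password = '%s'"
           % (username, password))
    return db.execute(sql).fetchall()

def login_bound(db, username, password):
    """Values passed as bound parameters, so they are never parsed as SQL."""
    sql = "select * from users where username = ? and password = ?"
    return db.execute(sql, (username, password)).fetchall()

# The password value proposed in the quoted message.
QUOTED_PASSWORD = "' OR 1=1 AND username = 'admin"

def compare():
    db = make_db()
    return {
        "concat_wrong_password": login_concat(db, "admin", "wrong"),
        "concat_quoted_password": login_concat(db, "admin", QUOTED_PASSWORD),
        "bound_quoted_password": login_bound(db, "admin", QUOTED_PASSWORD),
        "bound_real_password": login_bound(db, "admin", "s3cret-sample"),
    }

if __name__ == "__main__":
    for name, rows in compare().items():
        print(f"{name}: {len(rows)} row(s)")
```

In the interpolated form the WHERE clause parses as (username = 'admin' and password = '') OR (1=1 AND username = 'admin'), because AND binds tighter than OR; in the bound form the same string is compared as a literal password.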