[NEWS] L-Forum SQL Injection Vulnerability
From: support@securiteam.com Date: 08/15/02
From: support@securiteam.com To: list@securiteam.com Date: Thu, 15 Aug 2002 16:38:35 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
L-Forum SQL Injection Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://sourceforge.net/projects/l-forum/> L-Forum is a lightweight but
fully featured threaded bulletin board system written in PHP and backed
by MySQL/PostgreSQL. A security vulnerability in the product's
search.php allows remote attackers to make the SQL back-end execute
arbitrary SQL commands by injecting them through user-supplied data.
DETAILS
search.php does not properly escape the user-supplied value of the
search parameter before embedding it in the SQL query.
Exploit:
PostgreSQL:
http://localhost/search.php?search=a%27%20order%20by%20time%20desc%3b%20[query]
MySQL:
http://localhost/search.php?search=a%25%27%20order%20by%20time%20desc%3b%20[query]
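The following is an added example, not code from the advisory or from L-Forum, that reproduces the defect class described above in a self-contained form. It assumes a constructed messages table (id, subject, body, time) in an in-memory SQLite database standing in for L-Forum's MySQL/PostgreSQL schema, and a search function that interpolates the raw search term into the SQL text the way the unpatched search.php does. The probe terms are constructed; like the advisory's URLs they close the string literal with a single quote. The hardened version passes the term as a bound parameter so the database never parses user data as SQL.

```python
import sqlite3

# Constructed sample data: a minimal forum table, not the real L-Forum schema.
SAMPLE_MESSAGES = [
    ("Hello world", "first post", 100),
    ("L-Forum install help", "how do I configure postgres?", 200),
    ("Re: hello again", "bump", 300),
]


def build_db():
    """Create the in-memory table and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE messages (id INTEGER PRIMARY KEY, subject TEXT, body TEXT, time INTEGER)"
    )
    conn.executemany(
        "INSERT INTO messages (subject, body, time) VALUES (?, ?, ?)", SAMPLE_MESSAGES
    )
    return conn


def search_vulnerable(conn, term):
    """Mirrors the unescaped pattern: the user's term becomes part of the SQL text.

    A single quote in `term` ends the string literal, so whatever follows it is
    parsed as SQL rather than as search data.
    """
    sql = "SELECT id, subject FROM messages WHERE subject LIKE '%" + term + "%' ORDER BY time"
    return conn.execute(sql).fetchall()


def search_fixed(conn, term):
    """Hardened form: the term travels as a bound parameter, never as SQL text.

    Quotes, semicolons and keywords inside `term` are matched literally.
    """
    sql = "SELECT id, subject FROM messages WHERE subject LIKE ? ORDER BY time"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def outcome(conn, search_fn, term):
    """Return the number of rows, or 'error' when the database rejects the SQL.

    A syntax error on a quote-bearing term is the tell-tale symptom the
    advisory's probe relies on; a parameterised query never produces it.
    """
    try:
        return len(search_fn(conn, term))
    except sqlite3.OperationalError:
        return "error"


if __name__ == "__main__":
    db = build_db()
    probes = ["hello", "a'", "' OR 1=1 OR subject LIKE '"]
    for probe in probes:
        print(
            f"{probe!r:32} vulnerable={outcome(db, search_vulnerable, probe)!s:6} "
            f"fixed={outcome(db, search_fixed, probe)}"
        )
```

With the constructed data, the plain term returns the two matching subjects from both functions; a term containing a quote makes the vulnerable query fail to parse, and a term that rewrites the WHERE clause makes it return every row, whereas the parameterised query returns nothing for both because it looks for those characters literally. Note that binding the parameter does not neutralise LIKE wildcards (`%`, `_`) inside the term; if that matters, escape them separately with an ESCAPE clause.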
Solution:
Matthew Murphy has provided SourceForge with a patch for this
vulnerability.
http://sourceforge.net/tracker/download.php?group_id=53716&atid=471341&file_id=29026&aid=594867
ADDITIONAL INFORMATION
The information has been provided by Matthew Murphy <mailto:mattmurphy@kc.rr.com>.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.