[VulnWatch] L-Forum Vulnerability - SQL Injection
From: Matthew Murphy (email@example.com)
From: "Matthew Murphy" <email@example.com>
To: "BugTraq" <firstname.lastname@example.org>, "Full Disclosure" <email@example.com>, "SecurITeam News" <firstname.lastname@example.org>, "Vuln-Dev" <email@example.com>, "VulnWatch" <firstname.lastname@example.org>
Date: Tue, 13 Aug 2002 21:53:04 -0500

I have discovered an SQL injection flaw in L-Forum, which has
a recent record (upload spoofing/XSS by Ulf) of security bugs.
The problem this time is search.php. It doesn't properly escape
the SQL data passed in by the user in the search member. I
have provided a SourceForge patch for this vulnerability. I
have shown URLs that exploit this:
I've patched this on SourceForge:
"The reason the mainstream is thought
of as a stream is because it is
- Author Unknown