[VulnWatch] L-Forum Vulnerability - SQL Injection
From: Matthew Murphy (firstname.lastname@example.org)
From: "Matthew Murphy" <firstname.lastname@example.org>
To: "BugTraq" <email@example.com>, "Full Disclosure" <firstname.lastname@example.org>, "SecurITeam News" <email@example.com>, "Vuln-Dev" <firstname.lastname@example.org>, "VulnWatch" <email@example.com>
Date: Tue, 13 Aug 2002 21:53:04 -0500

I have discovered an SQL injection flaw in L-Forum, which has
a recent record (upload spoofing/XSS by Ulf) of security bugs.
The problem this time is search.php. It doesn't properly escape
the SQL data passed in by the user in the search member. I
have provided a SourceForge patch for this vulnerability. I
have shown URLs that exploit this:
I've patched this on SourceForge:
"The reason the mainstream is thought
of as a stream is because it is
- Author Unknown
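
The class of flaw reported above, shown as an added example that is not part of the original message and is not L-Forum's code: a search query built by string concatenation next to one that binds the term as a parameter. It uses Python with an in-memory SQLite database so it runs stand-alone; the `posts` table, its columns, the rows and the function names are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for a forum database (constructed schema and rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (subject TEXT, hidden INTEGER)")
    db.executemany(
        "INSERT INTO posts VALUES (?, ?)",
        [("Welcome to the board", 0),
         ("Moderator notes", 1),
         ("100% uptime this month", 0)],
    )
    return db

def search_unsafe(db, term):
    """Pattern the advisory describes: the search term is pasted into the SQL text."""
    sql = ("SELECT subject FROM posts WHERE hidden = 0 "
           "AND subject LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    """Term is bound as a parameter; LIKE wildcards inside it are escaped."""
    escaped = (term.replace("\\", "\\\\")
                   .replace("%", "\\%")
                   .replace("_", "\\_"))
    sql = ("SELECT subject FROM posts WHERE hidden = 0 "
           "AND subject LIKE ? ESCAPE '\\'")
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

def quote_reaches_parser(db, term):
    """True if the term changes the statement's syntax instead of staying data."""
    try:
        search_unsafe(db, term)
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(quote_reaches_parser(db, "O'Reilly"))  # apostrophe breaks the statement
    print(search_safe(db, "O'Reilly"))           # same input, treated as text
    print(search_safe(db, "%"))                  # literal percent sign only
```

An ordinary apostrophe in a search term is enough to show whether input reaches the SQL parser, which makes it a useful regression test for a fix of this kind.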