Re: OWL Intranet Engine
From: Chris A. Mattingly (camattin_at_camattin.com)
Date: 05/19/03
- Previous message: tony_at_libpcap.net: "OWL Intranet Engine"
- In reply to: tony_at_libpcap.net: "OWL Intranet Engine"
Date: Mon, 19 May 2003 00:00:29 -0400
To: tony@libpcap.net
Quoting tony@libpcap.net:
> I was checking out the advisory, and noticed this clip:
>
> // Remove this else in a future version
> else {
> if ($username == "admin") {
> $sql->query("select * from $default->owl_users_table
> where username = '$username' and password = '$password'");
>
> I wonder what would happen if username was admin, and password was:
> ' OR 1=1 AND username = 'admin
>
> Seems like a highly likely candidate for SQL injection.. anyone care to
> give a little insight? Perhaps even test it out using httpush or
> something?
Hopefully sanitation is done on the variables before they're used in a
statement such as this (or just as, if not more so importantly, with any insert
or update queries). But I'm not familiar with this package, so I can't speak
to whether it's done there or not.
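
The query from the quoted clip, rebuilt as an added example that is not part of the original messages or of OWL's code. Python with an in-memory SQLite database stands in for OWL's PHP and database, and the table layout and rows are constructed; it passes the quoted password value through the interpolated statement and through a bound-parameter version of the same lookup.

```python
import sqlite3

# Constructed stand-in for the users table; names and values are illustrative.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret-hash"), ("guest", "guest-hash")])
    return db

def login_concatenated(db, username, password):
    """Builds the statement the way the quoted clip does: by interpolation."""
    sql = ("select * from users "
           f"where username = '{username}' and password = '{password}'")
    return sql, db.execute(sql).fetchall()

def login_bound(db, username, password):
    """Same lookup with bound parameters: input is data, never SQL text."""
    sql = "select * from users where username = ? and password = ?"
    return db.execute(sql, (username, password)).fetchall()

# The password value quoted in the message above.
QUOTED_PASSWORD = "' OR 1=1 AND username = 'admin"

if __name__ == "__main__":
    db = make_db()
    sql, rows = login_concatenated(db, "admin", QUOTED_PASSWORD)
    print(sql)                      # the statement the database actually parses
    print("concatenated:", rows)
    print("bound:       ", login_bound(db, "admin", QUOTED_PASSWORD))
    print("bound, real: ", login_bound(db, "admin", "s3cret-hash"))
```

Because AND binds tighter than OR, the interpolated statement matches the admin row without the stored password, while the bound version compares the whole value as a password string and matches nothing.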