[pLog-svn] Fwd: LifeType <= 1.0.4 'articleId' SQL injection
plogworld at jon.limedaley.com
Sat Jun 3 22:39:08 GMT 2006
It doesn't work on my 1.0.4 install either, only partially. It
does get the (presumably, I didn't check) admin password (hashed) into the
sql_error.log, which isn't a security risk in itself, but obviously, being
able to change the SQL queries is bad. I don't see what the /**/ stuff is
doing. Surely the articleId is validated to be an integer, so where is
all that sql getting assigned to?
On Sun, 4 Jun 2006, Oscar Renalias wrote:
> I couldn't get the linked script to work, but this is the interesting part of
> On 4 Jun 2006, at 00:43, Oscar Renalias wrote:
>> Whoops. Our first serious SQL injection issue!
>> Begin forwarded message:
>>> From: "rgod" <zerokool_556 at hotmail.com>
>>> Date: 4 June 2006 00:30:31 GMT+03:00
>>> To: <contact at lifetype.net>
>>> Subject: LifeType <= 1.0.4 'articleId' SQL injection
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
With memory prices this low, who needs to deallocate memory?
More information about the pLog-svn