LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for September 4, 2008

The Kernel Hacker's Bookshelf: UNIX Internals

DRI, BSD, and Linux

SCHED_FIFO and realtime throttling

LWN.net Weekly Edition for August 28, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

L-Forum Vulnerability - SQL Injection

[Posted August 14, 2002 by dennis]

From:  "Matthew Murphy" <mattmurphy@kc.rr.com>
To:  "BugTraq" <bugtraq@securityfocus.com>, "Full Disclosure" <full-disclosure@lists.netsys.com>, "SecurITeam News" <news@securiteam.com>, "Vuln-Dev" <vuln-dev@securityfocus.com>, "VulnWatch" <vulnwatch@vulnwatch.org>
Subject:  L-Forum Vulnerability - SQL Injection
Date:  Tue, 13 Aug 2002 21:53:04 -0500

I have discovered an SQL injection flaw in L-Forum which has
a recent record (upload spoofing/XSS by Ulf) of security bugs.

The problem this time is search.php.  It doesn't properly escape
the SQL data passed in by the user in the search member.  I
have provided a SourceForge patch for this vulnerability.  I
have shown URLs that exploit this:

Postgres:

http://localhost/search.php?search=a%27%20order%20by%20time%20desc%3b%20[que
ry]

MySQL:

http://localhost/search.php?search=a%25%27%20order%20by%20time%20desc%3b%20[
query]

I've patched this on SourceForge:

http://sourceforge.net/tracker/download.php?group_id=53716&atid=471341&file_
id=29026&aid=594867

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown
(Log in to post comments)

Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds