lists at keamera
Apr 8, 2008, 2:10 PM
Post #2 of 2
(2434 views)
Permalink
|
|
Re: Pligg 9.9.0 editlink.php SQL Injection Vulnerability
[In reply to]
|
|
While writing a little patch I found many other problems: variables are
simply not checked or checked in the very wrong way
- This is the case of my previous mail, editlink.php:
if(isset($_GET['id'])){
$theid = strip_tags($_GET['id']);
}
if(isset($_POST['id'])){
$theid = strip_tags($_POST['id']);
}
[...]
$link = $db->get_row("SELECT link_id, link_author FROM " . table_links .
" WHERE link_id=".$theid.";")
[...]
$linkres->id=$link_id = strip_tags($_POST['id']);
$linkres->read();
libs/link.php:
function read($usecache = TRUE) {
$id = $this->id;
$link = $db->get_row("SELECT " . table_links . ".* FROM " . table_links
. " WHERE link_id = $id");
}
- Another one, vote.php:
$link->id=$_POST['id'];
$link->read_basic();
link/link.php:
$id = $this->id;
$db->get_row("SELECT link_comments, link_author, link_status,
link_randkey, link_category, link_date, link_votes, link_karma,
link_published_date FROM " . table_links . " WHERE link_id = $id")
..and so on.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
|
