Gossamer Forum: Products: Gossamer Links: Discussions: Re: [BLOOD] Unknown column 's' (Paul)

Gossamer Threads

Home : Products : Gossamer Links : Discussions :

Re: [BLOOD] Unknown column 's'

Jan 26, 2003, 7:40 AM

Paul

Veteran (19537 posts)

Jan 26, 2003, 7:40 AM

Shortcut

Re: [BLOOD] Unknown column 's' In reply to

It looks perhaps like the plugin is _very_ insecure. It seems to be passing in all input to GT::SQL which is why you have d and s - I assume d is the dynamic parameter and s...hmm i'm not sure, but anyway that is what I think is happening.

This bug means I could change my user status to admin if I wanted (if it works the same way on the UPDATE query).

You should check the plugin perl module to see what the code looks like. Post it here if you are unsure.

Last edited by:

Paul: Jan 26, 2003, 8:16 AM

Subject	Author	Views	Date
Unknown column 's'	BLOOD	3176	Jan 26, 2003, 6:30 AM

Re: [BLOOD] Unknown column 's'	webmaster33	3086	Jan 26, 2003, 7:13 AM

Re: [webmaster33] Unknown column 's'	BLOOD	3079	Jan 26, 2003, 7:44 AM

Re: [BLOOD] Unknown column 's'	webmaster33	3093	Jan 26, 2003, 7:48 AM

Re: [webmaster33] Unknown column 's'	BLOOD	3072	Jan 26, 2003, 8:11 AM

Re: [BLOOD] Unknown column 's'	webmaster33	3058	Jan 26, 2003, 8:18 AM

Re: [BLOOD] Unknown column 's'	Paul	3088	Jan 26, 2003, 7:40 AM

Re: [Paul] Unknown column 's'	BLOOD	3066	Jan 26, 2003, 7:47 AM

Re: [BLOOD] Unknown column 's'	Paul	3064	Jan 26, 2003, 8:23 AM

Re: [Paul] Unknown column 's'	BLOOD	3057	Jan 26, 2003, 8:26 AM

Gossamer Threads is a Vancouver-based company with over 28 years experience in web technology. From development to hosting, we partner with leading organizations around the globe and help to build their web presences, strategies and infrastructures.

Let’s talk: 1-877-715-7676