|
Message-ID: <20120413104635.GA7230@kludge.henri.nerv.fi> Date: Fri, 13 Apr 2012 13:46:35 +0300 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 On Thu, Apr 12, 2012 at 12:55:01PM -0600, Kurt Seifried wrote: > > http://osvdb.org/show/osvdb/80840 Wikidforum Advanced Search > > Multiple Field SQL Injection > Also I couldn't really confirm the SQL injections so not assigning a > CVE, if you can find confirmation I'll assign a CVE. With "'" as input to select_sort: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' asc' at line 1select * from posts where parent_post_id IS NULL AND status=1 AND user_id=0 AND (post LIKE '%foo%' OR title LIKE '%foo%') and status IN (1) order by \\\' asc My friend told me that this can escalate in case of bad permissions or bad MySQL setup, but I do not have better PoC for this list. At least one can't chain for example SELECT foo FROM bar;DROP TABLE users;-- http://dev.mysql.com/doc/refman/5.5/en/select.html - Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.