[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure

To: Petko Petkov <ppetkov@xxxxxxxxxxxxxx>
Subject: Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure
From: security curmudgeon <jericho@xxxxxxxxxxxxx>
Date: Fri, 30 Sep 2005 05:54:17 -0400 (EDT)

: I believe that this thing has been discovered and fixed long time ago.
: check this out, maybe I am wrong:
: 
http://www.gnucitizen.org/writings/php-fusion-messages.php-sql-injection-vulnerability.xhtml

Your advisory:

POST fields pm_email_notify and pm_save_sent are not properly sanitized. 

Rgod's advisory:

msg_send=' UNION SELECT [..]

BID 14489 / OSVDB 18708:

msg_view=' 


So three advisories or points of disclosure, 4 different variables, all in 
messages.php it seems. Close, but this seems like a different issue.

Prev by Date: [SECURITY] [DSA 826-1] New helix-player packages fix multiple vulnerabilities
Next by Date: Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC
Previous by thread: [SECURITY] [DSA 826-1] New helix-player packages fix multiple vulnerabilities
Next by thread: Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC
Index(es):
- Date
- Thread