[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: Amblog 1.0 Joomla Component Multiple SQL Injection Vulnerabilities

To: Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: Re: Amblog 1.0 Joomla Component Multiple SQL Injection Vulnerabilities
From: Salvatore Fresta aka Drosophila <drosophilaxxx@xxxxxxxxx>
Date: Mon, 16 Aug 2010 10:35:30 +0200

No, it isn't a good idea. You can use always Jrequest::getVar
specifing the type
(http://api.joomla.org/Joomla-Framework/Environment/JRequest.html#getVar).

The allowed types are: INT, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64,
STRING, ARRAY, PATH.

Regards.

-- 
Salvatore Fresta aka Drosophila
http://www.salvatorefresta.net
CWNP444351

Prev by Date: Jgrid 1.0 Joomla Component Local File Inclusion Vulnerability
Next by Date: [ MDVSA-2010:151 ] libmikmod
Previous by thread: Re: Amblog 1.0 Joomla Component Multiple SQL Injection Vulnerabilities
Next by thread: [USN-967-1] w3m vulnerability
Index(es):
- Date
- Thread