OWL Intranet Engine

From: tonyat_private
Date: Sat May 17 2003 - 22:59:13 PDT


    I was checking out the advisory, and noticed this clip:
    
            // Remove this else in a future version
            else {
               if ($username == "admin") {
                    $sql->query("select * from $default->owl_users_table where username = '$username' and password = '$password'");
    
    I wonder what would happen if username was admin, and password was:
    ' OR 1=1 AND username = 'admin
    
    Seems like a highly likely candidate for SQL injection.. anyone care to
    give a little insight? Perhaps even test it out using httpush or
    something?
    
    -- 
    + Microsoft doesn't believe in free() code.
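
Added example, not part of the original post or of Owl's code: a small Python/SQLite model of the quoted query, run with the password value from the post, next to the same lookup using bound parameters. The table name, schema, sample rows and the use of SQLite in place of Owl's database are assumptions.

```python
import sqlite3

# Constructed stand-in for $default->owl_users_table; name and schema are assumptions.
USERS_TABLE = "users"

# Password value quoted in the post above.
POSTED_PASSWORD = "' OR 1=1 AND username = 'admin"


def make_db():
    """Build an in-memory table with two constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE {USERS_TABLE} (username TEXT, password TEXT)")
    db.executemany(
        f"INSERT INTO {USERS_TABLE} VALUES (?, ?)",
        [("admin", "s3cret-constructed"), ("guest", "guest-constructed")],
    )
    return db


def login_concatenated(db, username, password):
    """Same shape as the clip: user input is pasted into the SQL text."""
    sql = (
        f"select * from {USERS_TABLE} "
        f"where username = '{username}' and password = '{password}'"
    )
    return db.execute(sql).fetchall()


def login_parameterized(db, username, password):
    """Bound parameters: the input stays data, so a quote cannot end the literal."""
    sql = f"select * from {USERS_TABLE} where username = ? and password = ?"
    return db.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # AND binds tighter than OR, so the concatenated WHERE clause parses as
    # (username='admin' AND password='') OR (1=1 AND username='admin').
    print("concatenated :", login_concatenated(db, "admin", POSTED_PASSWORD))
    print("parameterized:", login_parameterized(db, "admin", POSTED_PASSWORD))
```

With the concatenated query the admin row comes back without the real password; with bound parameters the same input matches no row.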
    


