Quoting tonyat_private:

> I was checking out the advisory, and noticed this clip:
>
> // Remove this else in a future version
> else {
>     if ($username == "admin") {
>         $sql->query("select * from $default->owl_users_table
>             where username = '$username' and password = '$password'");
>
> I wonder what would happen if username was admin, and password was:
> ' OR 1=1 AND username = 'admin
>
> Seems like a highly likely candidate for SQL injection.. anyone care to
> give a little insight? Perhaps even test it out using httpush or
> something?

Hopefully sanitation is done on the variables before they're used in a statement such as this (or just as, if not more so importantly, with any insert or update queries). But I'm not familiar with this package, so I can't speak to whether it's done there or not.
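To make the point concrete, here is an added example (not code from the thread or from the package under discussion) that re-implements the quoted PHP login query in Python against an in-memory SQLite table: once with the string interpolation the clip uses, and once with a parameterized query. It assumes a constructed `owl_users` table with only `username` and `password` columns standing in for `$default->owl_users_table`, and keeps the clip's plaintext password comparison so the two forms differ only in how input reaches the SQL.

```python
import sqlite3

# Constructed sample rows; the column layout is an assumption, not the package's real schema.
SAMPLE_USERS = [("admin", "s3cret"), ("alice", "hunter2")]

# The password value from the quoted post, used here to compare both query styles.
PAYLOAD = "' OR 1=1 AND username = 'admin"


def make_db():
    """Build a throwaway in-memory database standing in for the real user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE owl_users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO owl_users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_query_interpolated(username, password):
    """Mirror the quoted PHP: both inputs are pasted straight into the SQL text."""
    return ("select * from owl_users where username = '%s' and password = '%s'"
            % (username, password))


def login_interpolated(conn, username, password):
    """Vulnerable form: the quote in the password closes the literal early and
    the rest of the payload becomes part of the WHERE clause."""
    return conn.execute(build_query_interpolated(username, password)).fetchall()


def login_parameterized(conn, username, password):
    """Hardened form: placeholders bind the inputs as data, so the whole payload
    is compared as one string and never reinterpreted as SQL."""
    sql = "select * from owl_users where username = ? and password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print(build_query_interpolated("admin", PAYLOAD))
    print("interpolated :", login_interpolated(conn, "admin", PAYLOAD))
    print("parameterized:", login_parameterized(conn, "admin", PAYLOAD))
```

With the interpolated form the admin row comes back without the password, because `AND` binds tighter than `OR` and the `1=1 AND username = 'admin'` branch is true on its own; the parameterized form returns no row for the same input.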
This archive was generated by hypermail 2b30 : Mon May 19 2003 - 09:05:46 PDT