phpBB Allows Remote Users to Modify Default SQL Queries
posted by: valvoline on 20/10/2001 @ 10.08.01
Summary: There is a potential security problem in the current version 1.4.2 and previous versions of phpBB. A remote user is able to modify a string passed as a SQL query to the MySQL database.
Details: The problem exists in the file bb_memberlist.php. A string called $sortby is supplied through the URI and directly inserted into a SQL query string if it does not match the cases of the previous switch statement.
[snip]
switch($sortby) { case '': [...] case 'posts': [...] }
$sql = "SELECT * FROM users WHERE [...] ORDER BY $sortby";
[snap]
This is a typical example of bad coding practice: the obligatory "default:" label has been left out, so any value that matches none of the cases reaches the query unchanged.
You can easily verify this problem by testing: http://phpbb.sourceforge.net/phpBB/bb_memberlist.php?sortby=user_regdate
As you can see, the user list is sorted by the registration date that is stored in the column user_regdate. This is not a feature - it's a bug!
Additional information: The information has been provided by Konrad Rieck.
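The missing "default:" case and its fix, side by side, as an added example that is not phpBB's own code. Column names cannot be bound as prepared-statement parameters, so the hardened version maps the request value onto a fixed list of literals. The keys '' and 'posts' and the column user_regdate come from the advisory; the default column 'username', the 'regdate' key and all function names are assumptions, and the WHERE clause elided above is omitted.

```php
<?php
// Sort keys the page is meant to accept, mapped to literal column names.
// 'username' as the default column and the 'regdate' key are assumptions.
const SORT_COLUMNS = [
    ''        => 'username',
    'posts'   => 'posts',
    'regdate' => 'user_regdate',
];

// Shape described in the advisory: a switch without "default:".
function build_query_vulnerable(string $sortby): string
{
    switch ($sortby) {
        case '':
            $sortby = 'username';
            break;
        case 'posts':
            break;
        // no default: any other string falls through unchanged
    }
    return "SELECT * FROM users ORDER BY $sortby";
}

// Hardened: only literals from SORT_COLUMNS are ever concatenated;
// an unknown key silently gets the default ordering.
function build_query_hardened(string $sortby): string
{
    $column = SORT_COLUMNS[$sortby] ?? SORT_COLUMNS[''];
    return "SELECT * FROM users ORDER BY $column";
}

// Constructed inputs: two expected keys, the raw column name from the
// advisory's test URL, and the same column with an extra SQL keyword.
$samples = ['', 'posts', 'user_regdate', 'user_regdate DESC'];
foreach ($samples as $s) {
    printf("input      %s\n", var_export($s, true));
    printf("  before:  %s\n", build_query_vulnerable($s));
    printf("  after:   %s\n", build_query_hardened($s));
}
```

For the last two inputs the "before" query contains the request string verbatim, while the "after" query falls back to the default column.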