Bugtraq mailing list archives
Re: Adcycle 0.78b Authentication
From: Dag-Erling Smorgrav <des () THINKSEC COM>
Date: Tue, 20 Feb 2001 17:08:09 +0100
Neil K <neilk () ALLDAS DE> writes:
> Anyways how to patch?? well you could parse out the following character from *all the user defined fields: '.
Half-assed workaround. The correct fix is to modify the call to $dbh->prepare() as follows:
$sth = $dbh->prepare("SELECT * FROM login WHERE pid='$mycookpid' && agent='$agent' ORDER BY stime DESC");
$sth = $dbh->prepare("SELECT * FROM login WHERE pid=" . $dbh->quote($mycookpid) . " && agent =" . $dbh->quote($agent) . " ORDER BY stime DESC");
> "I'm always Frank and Ernest with the ladies, Frank in New York, Ernest in Boston" --quoted from some film i watched last night

Samuel L. Jackson to Larry King in _The Long Kiss Goodnight_ - the correct quote is "I'm always frank and earnest with women. Uh, in New York I'm Frank, and in Chicago I'm Ernest."

DES
--
Dag-Erling Smørgrav - des () thinksec com
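The two approaches discussed in this message, side by side, as an added example that is not part of the original post or of Adcycle's code: the same legitimate lookup run with interpolated values, with the ' character stripped, and with $dbh->quote(). It goes one step beyond the message by also showing DBI placeholders. Assumptions: an in-memory SQLite database via DBD::SQLite stands in for the real one, the table row and input values are constructed, and AND replaces && because SQLite does not accept &&.

```perl
use strict;
use warnings;
use DBI;   # assumes DBI and DBD::SQLite are installed (stand-in for the site's database)

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE login (pid TEXT, agent TEXT, stime INTEGER)");
# Constructed row: a User-Agent that legitimately contains an apostrophe.
$dbh->do("INSERT INTO login VALUES (?, ?, ?)", undef,
         "1001", "Bob's Browser/1.0", 982685289);

my ($mycookpid, $agent) = ("1001", "Bob's Browser/1.0");   # constructed input

# Run a lookup and report the row count, or the fact that the SQL did not parse.
sub count_rows {
    my ($sql, @bind) = @_;
    my $rows = eval { $dbh->selectall_arrayref($sql, undef, @bind) };
    return defined $rows ? scalar(@$rows) . " row(s)" : "SQL error";
}

my $tail = "ORDER BY stime DESC";

# 1. Values interpolated into the statement: the apostrophe ends the string literal early.
my $interpolated = count_rows(
    "SELECT * FROM login WHERE pid='$mycookpid' AND agent='$agent' $tail");

# 2. Stripping ' from the input first: parses, but the value no longer matches what is stored.
(my $stripped_agent = $agent) =~ tr/'//d;
my $stripped = count_rows(
    "SELECT * FROM login WHERE pid='$mycookpid' AND agent='$stripped_agent' $tail");

# 3. $dbh->quote(): the driver escapes the value and adds the surrounding quotes.
my $quoted = count_rows(
    "SELECT * FROM login WHERE pid=" . $dbh->quote($mycookpid) .
    " AND agent=" . $dbh->quote($agent) . " $tail");

# 4. Placeholders: the values are bound at execute time and never enter the SQL text.
my $bound = count_rows(
    "SELECT * FROM login WHERE pid=? AND agent=? $tail", $mycookpid, $agent);

printf "%-14s %s\n", @$_ for
    [ interpolated => $interpolated ], [ "strip quotes" => $stripped ],
    [ 'quote()'    => $quoted ],       [ placeholders  => $bound ];
```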