Bugtraq mailing list archives
Re: Authentication bypass, sql injections and xss in ArticleLive 2005
From: "Steven M. Christey" <coley () mitre org>
Date: Tue, 10 May 2005 21:42:17 -0400 (EDT)
Diabolic Crab, The title and text of this advisory suggest SQL injection, but I don't see any any clear examples that demonstrate this. A modified Query parameter to the search function is given, and the parameter starts with the "'" character - which might *suggest* SQL injection - but the resulting error message suggests that it's using the input for some array operations, which could be the fairly common "bad data type" problem that leads to full path disclosure on PHP applications. Indeed there might be other invalid characters that could trigger the same problem (I don't know; I don't have ArticleLive available to test). Could you provide more specific examples or otherwise clarify the problem? Thanks, Steve
Current thread:
- Authentication bypass, sql injections and xss in ArticleLive 2005 dcrab (May 05)
- <Possible follow-ups>
- Re: Authentication bypass, sql injections and xss in ArticleLive 2005 Steven M. Christey (May 11)