Bugtraq mailing list archives
Re: ATutor 1.5.3 Cross Site Scripting
From: "Steven M. Christey" <coley () mitre org>
Date: Fri, 21 Jul 2006 18:00:01 -0400 (EDT)
> The mentioned SQL injection vulnerability is not possible. Please remove it.

Could you explain this further? In 1.5.3, edit_forum() in forums.inc.php has the following:

  $sql = "UPDATE ".TABLE_PREFIX."forums SET title='$_POST[title]', description='$_POST[body]' WHERE forum_id=$_POST[fid]";
  $result = mysql_query($sql,$db);

where it appears that $_POST[fid] is directly inserted into the SQL query.

In 1.5.3.1, a new statement has been added to the same function, just before the two statements above:

  $_POST['fid'] = intval($_POST['fid']);

This looks like cleansing that would be relevant for SQL injection.

For those who were wondering, both $_POST['title'] and $_POST['body'] are re-set using addslashes:

  $_POST['title'] = $addslashes($_POST['title']);
  $_POST['body'] = $addslashes($_POST['body']);

- Steve
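To make the point concrete, here is an added illustration (not ATutor's code, and not part of the thread) of why addslashes() on the string fields does nothing for the unquoted forum_id, and what the intval() line in 1.5.3.1 changes. The table prefix, input values and the stricter validation helper are constructed for the example; the function names are hypothetical.

```php
<?php
// Shape of the 1.5.3 query: title and body are quoted (so addslashes applies),
// but forum_id is an unquoted number, so escaping quotes in fid is irrelevant
// and whatever string arrives in $_POST['fid'] lands verbatim in the SQL.
function edit_forum_sql_unsafe(array $post, string $prefix): string {
    $post['title'] = addslashes($post['title']);
    $post['body']  = addslashes($post['body']);
    return "UPDATE {$prefix}forums SET title='{$post['title']}', "
         . "description='{$post['body']}' WHERE forum_id={$post['fid']}";
}

// 1.5.3.1-style fix: coerce fid to an integer before it reaches the query.
// intval() keeps leading digits and drops the rest, so the WHERE clause can
// only ever contain a plain integer.
function edit_forum_sql_fixed(array $post, string $prefix): string {
    $post['fid']   = intval($post['fid']);
    $post['title'] = addslashes($post['title']);
    $post['body']  = addslashes($post['body']);
    return "UPDATE {$prefix}forums SET title='{$post['title']}', "
         . "description='{$post['body']}' WHERE forum_id={$post['fid']}";
}

// Stricter alternative: reject anything that is not a non-negative integer
// instead of silently coercing it, so a tampered fid does not get mapped to
// some other forum's id.
function forum_id_or_fail(string $raw): int {
    if (!ctype_digit($raw)) {
        throw new InvalidArgumentException('fid must be a non-negative integer');
    }
    return (int) $raw;
}

// Parameterised form (mysqli): no string building, the integer type is
// enforced by the 'i' binding and the strings are sent as data, not SQL.
function edit_forum_prepared(mysqli $db, string $prefix, string $title, string $body, int $fid): bool {
    $stmt = $db->prepare("UPDATE {$prefix}forums SET title=?, description=? WHERE forum_id=?");
    $stmt->bind_param('ssi', $title, $body, $fid);
    return $stmt->execute();
}

// Constructed input: fid is not a clean integer, title contains a quote.
$input = ['fid' => '12abc', 'title' => "O'Reilly", 'body' => 'hello'];
echo edit_forum_sql_unsafe($input, 'AT_'), "\n";  // WHERE forum_id=12abc  (trailing text kept)
echo edit_forum_sql_fixed($input, 'AT_'), "\n";   // WHERE forum_id=12
try {
    forum_id_or_fail($input['fid']);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```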