Bugtraq mailing list archives

Re: MySQL command-line client HTML injection vulnerability

From: Michael Scheidell <scheidell () secnap net>
Date: Wed, 08 Oct 2008 16:26:52 -0400

Hi Thomas,

This bug was fixed in a MySQL release dated 01 May 2008.  It is now 01
Oct 2008 - 5 months after the bug was released.  So why exactly is this
news?  Did I miss something here?



Not fixed in any version I know of.
Patch has been available for 5 months, but this has not gotten into any
production version (or am I wrong?)
Try this on your system:

mysql --html --execute "select '<a>'"

If you get this, then its not patched:
<TABLE BORDER=1><TR><TH><a></TH></TR><TR><TD><a></TD></TR></TABLE>

If you get this (on 5.1, a little different than 5.0) than its patched:
(note the escaped <a>)
-- 
Michael Scheidell, CTO

|SECNAP Network Security

Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer



<TABLE 
BORDER=1><TR><TH>&lt;a&gt;</TH></TR><TR><TD>&lt;a&gt;</TD></TR></TABLE>


_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com
_________________________________________________________________________

Current thread:

RE: MySQL command-line client HTML injection vulnerability Quark IT - Hilton Travis (Oct 01)
- Re: MySQL command-line client HTML injection vulnerability Michael Scheidell (Oct 08)
- <Possible follow-ups>
- Re: RE: MySQL command-line client HTML injection vulnerability mrry . dmlo (Oct 03)
  - RE: RE: MySQL command-line client HTML injection vulnerability Quark IT - Hilton Travis (Oct 06)
- Re: MySQL command-line client HTML injection vulnerability okuno (Oct 29)