Bug 155217

Summary: www-apps/bugs-bug-genie SQL injection
Product: Gentoo Security
Reporter: Markus Ullmann (RETIRED) <jokey>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://bugs.c3pc.com/bugs/view_bug.php?bug_id=434
Whiteboard: ~3? [upstream] jaervosz
Package list:
Runtime testing required: ---

Description Markus Ullmann (RETIRED) gentoo-dev 2006-11-15 03:35:53 UTC
From index.php:

$res = bugs_mysql_query("update userstable set last_seen='$last_seen' where uname='".$_COOKIE['FIDOlogin'][1]."' limit 1",$link);

The string is passed unchecked to the MySQL DB, leading to a possible SQL injection.

As the index.php is unprotected, no login is needed to trigger it. I notified upstream today as well.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-11-20 21:57:32 UTC
Jokey, please let us know when a fix is available.
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2007-01-17 19:27:56 UTC
Any news on this one?

Changing whiteboard, as this has never been stable it seems.
Comment 3 Markus Ullmann (RETIRED) gentoo-dev 2007-02-11 20:44:16 UTC
Invalid as after working with upstream we found this hackish line in constants.inc.php:

$_COOKIE = array_map('addslashes_deep', $_COOKIE);
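
Added example, not part of the bug report or of the upstream code: it shows what the index.php statement looks like with and without the constants.inc.php cookie mapping, next to the same update written with bound parameters. The body of addslashes_deep(), the build_update() helper, the cookie value and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Assumed implementation: the page names addslashes_deep() but does not show it.
// It has to recurse, because $_COOKIE['FIDOlogin'] is itself an array.
function addslashes_deep($value) {
    return is_array($value) ? array_map('addslashes_deep', $value) : addslashes($value);
}

// Hypothetical helper: builds the statement by concatenation, as the index.php line does.
function build_update(array $cookie, string $last_seen): string {
    return "update userstable set last_seen='$last_seen' where uname='"
        . $cookie['FIDOlogin'][1] . "' limit 1";
}

// Constructed cookie: a user name that contains a single quote.
$cookie = ['FIDOlogin' => [0 => 'x', 1 => "o'brien"]];

// Raw cookie: the quote closes the uname literal early and the rest is parsed as SQL.
echo build_update($cookie, '2006-11-15 03:35:53'), "\n";

// After the constants.inc.php mapping: the quote is backslash-escaped and stays data.
$escaped = array_map('addslashes_deep', $cookie);
echo build_update($escaped, '2006-11-15 03:35:53'), "\n";

// Bound parameters: the value never becomes part of the SQL text, so the query
// is safe whether or not the escaping include ran first.
// In-memory SQLite stands in for MySQL here; "limit 1" is dropped because
// stock SQLite builds do not accept LIMIT on UPDATE.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table userstable (uname text, last_seen text)");
$db->exec("insert into userstable values ('o''brien', '')");

$stmt = $db->prepare("update userstable set last_seen = ? where uname = ?");
$stmt->execute(['2006-11-15 03:35:53', $cookie['FIDOlogin'][1]]);
echo "rows updated with bound parameter: ", $stmt->rowCount(), "\n";
```

The concatenated form is only as safe as the guarantee that constants.inc.php has run before every query that reads $_COOKIE; the bound-parameter form carries no such dependency.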