| Summary: | www-apps/bugs-bug-genie SQL injection | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Markus Ullmann (RETIRED) <jokey> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://bugs.c3pc.com/bugs/view_bug.php?bug_id=434 | ||
| Whiteboard: | ~3? [upstream] jaervosz | ||
| Package list: | Runtime testing required: | --- | |
Jokey, please let us know when a fix is available. any news on this one? changing whiteboard, as this has never been stable it seems Invalid as after working with upstream we found this hackish line in constants.inc.php:
$_COOKIE = array_map('addslashes_deep', $_COOKIE);
|
From index.php: $res = bugs_mysql_query("update userstable set last_seen='$last_seen' where uname='".$_COOKIE['FIDOlogin'][1]."' limit 1",$link); the string is passed unchecked to the mysql db, leading to a possible SQL Injection as the index.php is unprotected, no login is needed to trigger it. I notified upstream today as well