On Wed, 17 Jun 2009, Pierre Chifflier wrote:

> On Wednesday 17 June 2009 05:27:49 James Andrewartha wrote:
> > Pierre,
> >
> > The bug in download.php is still there in lenny, why did you close
> > the bug?
> 
> Hi James,
> 
> I closed the bug because the advisory [1] stated 1.02 while Lenny 
> version is 1.01.
> Additionally, this injection does not work here:
> http://xxx.xxx.xxx.xxx/ocsreports/download.php?n=1&dl=2&o=3&v=4%27union+all+select+concat(id,
> %27:%27,passwd)+from+operators%23
> 
> And returns an empty file. However, I agree this needs further
> investigation to check if 1.01 is vulnerable too. Do you have some
> working example? I'll check on my side if the code is similar in 1.01
> and 1.02.

magic_quotes in php.ini protects against this attack, but if I turn it off 
it works.

-- 
# TRS-80              trs80(a)ucc.gu.uwa.edu.au #/ "Otherwise Bub here will do \
# UCC Wheel Member     http://trs80.ucc.asn.au/ #|  what squirrels do best     |
[ "There's nobody getting rich writing          ]|  -- Collect and hide your   |
[  software that I know of" -- Bill Gates, 1980 ]\  nuts." -- Acid Reflux #231 /
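
An added example, not part of the original thread and not OCS Inventory code: it shows why a query built by concatenation is only as safe as the server's `magic_quotes` setting, and how a bound parameter removes that dependency. The query shape, the table, the names and the sample value are assumptions constructed for illustration; SQLite stands in for MySQL so the block runs offline.

```python
import sqlite3

def addslashes(s):
    # Escaping that PHP's magic_quotes_gpc applied to GET/POST/cookie values.
    return "".join("\\0" if c == "\0" else "\\" + c if c in "'\"\\" else c
                   for c in s)

def build_query(v):
    # Assumed query shape: request value concatenated into a MySQL string literal.
    return "SELECT name FROM files WHERE id = '" + v + "'"

def skeleton(sql):
    # Keep only what MySQL would parse as SQL; drop the contents of '...' literals.
    out, in_str, i = [], False, 0
    while i < len(sql):
        c = sql[i]
        if in_str and c == "\\":             # backslash escapes the next character
            i += 2
            continue
        if in_str and sql[i:i + 2] == "''":  # doubled quote stays inside the literal
            i += 2
            continue
        if c == "'":
            in_str = not in_str
        elif not in_str:
            out.append(c)
        i += 1
    return "".join(out)

def alters_query(v, magic_quotes):
    # True when the value changes the SQL structure compared with a benign id.
    received = addslashes(v) if magic_quotes else v
    return skeleton(build_query(received)) != skeleton(build_query("4"))

def bound_lookup(v):
    # Fix at the sink: a bound parameter is treated as data whatever php.ini says.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (id TEXT, name TEXT)")
    db.execute("INSERT INTO files VALUES ('4', 'agent.zip')")
    return db.execute("SELECT name FROM files WHERE id = ?", (v,)).fetchall()

SAMPLE = "4' union all select 1 #"  # constructed test value

if __name__ == "__main__":
    print("magic_quotes on :", alters_query(SAMPLE, magic_quotes=True))
    print("magic_quotes off:", alters_query(SAMPLE, magic_quotes=False))
    print("bound parameter :", bound_lookup(SAMPLE), bound_lookup("4"))
```

`magic_quotes_gpc` was deprecated in PHP 5.3.0 and removed in PHP 5.4.0, so code that depends on it becomes injectable after a PHP upgrade with no change to the application.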



