[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials
From:       security curmudgeon <jericho () attrition ! org>
Date:       2005-09-30 9:54:17
Message-ID: Pine.LNX.4.63.0509300551230.26802 () forced ! attrition ! org
[Download RAW message or body]


: I believe that this thing has been discovered and fixed long time ago.
: check this out, maybe I am wrong:
: http://www.gnucitizen.org/writings/php-fusion-messages.php-sql-injection-vulnerability.xhtml

Your advisory:

POST fields pm_email_notify and pm_save_sent are not properly sanitized. 

Rgod's advisory:

msg_send=' UNION SELECT [..]

BID 14489 / OSVDB 18708:

msg_view=' 


So three advisories or points of disclosure, 4 different variables, all in 
messages.php it seems. Close, but this seems like a different issue.

[prev in list] [next in list] [prev in thread] [next in thread]