[40543] in bugtraq


Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials

daemon@ATHENA.MIT.EDU (security curmudgeon)
Fri Sep 30 16:08:38 2005

Date: Fri, 30 Sep 2005 05:54:17 -0400 (EDT)
From: security curmudgeon <jericho@attrition.org>
To: Petko Petkov <ppetkov@gnucitizen.org>
Cc: retrogod@aliceposta.it, bugtraq@securityfocus.com
In-Reply-To: <433BA59D.1010400@gnucitizen.org>
Message-ID: <Pine.LNX.4.63.0509300551230.26802@forced.attrition.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


: I believe that this thing has been discovered and fixed a long time ago.
: Check this out, maybe I am wrong:
: http://www.gnucitizen.org/writings/php-fusion-messages.php-sql-injection-vulnerability.xhtml

Your advisory:

POST fields pm_email_notify and pm_save_sent are not properly sanitized. 

Rgod's advisory:

msg_send=' UNION SELECT [..]

BID 14489 / OSVDB 18708:

msg_view=' 


So three advisories or points of disclosure, 4 different variables, all in 
messages.php it seems. Close, but this seems like a different issue.

