BugTraq
PAFileDB SQL Injection Vulnerability & Ratings Cheat Fix
May 29 2003 10:17PM
JeiAr (jeiar kmfms com)
I recently found out that someone I knew was running this vuln
application. After informing them it was vuln they were disappointed at
the fact that they could no longer use the program as the author has not
supplied a fix. Anyway, here is a quick fix I threw together to take care
of the problem. Basically it eregs the input to only allow numbers, and
checks to make sure the number is no greater than 10 and no less than 1.
I also closed off the variable in the SQL query that was allowing the SQL
injection to be possible. Get the fix here
http://www.gulftech.org/vuln/pafiledbsqlfix.zip
This should solve any problems encountered until the vendor releases
an "official" fix or a new version of PaFileDB.
Cheers,
JeiAr
----------------------------------------
GulfTech Computers
http://www.gulftech.org
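
The two checks the post describes (digits-only input limited to 1 through 10, and keeping the value from being interpreted as SQL), shown as an added example that is not the contents of the linked fix or PaFileDB's own code. It uses `preg_match` and a PDO prepared statement in place of `ereg` and manual quoting; the `files` table, its columns and the function names are hypothetical.

```php
<?php
// Added illustration; table, column and function names are hypothetical,
// not taken from PaFileDB.

// Accept only a whole number from 1 to 10; anything else is rejected.
function parse_rating($raw): ?int
{
    // Digits only, at most two of them: no sign, spaces, quotes or SQL text.
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,2}\z/', $raw)) {
        return null;
    }
    $n = (int) $raw;
    return ($n >= 1 && $n <= 10) ? $n : null;
}

function rate_file(PDO $db, $rawId, $rawRating): bool
{
    $rating = parse_rating($rawRating);
    if ($rating === null || !is_string($rawId) || !ctype_digit($rawId)) {
        return false;
    }
    // Bound parameters keep the values out of the SQL text entirely.
    $stmt = $db->prepare(
        'UPDATE files SET rating_total = rating_total + :r, votes = votes + 1 WHERE id = :id'
    );
    $stmt->execute([':r' => $rating, ':id' => (int) $rawId]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, rating_total INTEGER, votes INTEGER)');
$db->exec('INSERT INTO files VALUES (1, 0, 0)');

// Constructed inputs: one valid vote, then out-of-range and non-numeric values.
foreach (['7', '11', '0', '9999', '5 OR 1=1', "5'", '-3', ''] as $input) {
    printf("%-12s => %s\n", var_export($input, true),
        rate_file($db, '1', $input) ? 'accepted' : 'rejected');
}
print_r($db->query('SELECT * FROM files')->fetch(PDO::FETCH_ASSOC));
```

Only the first input changes the row; the range check is what stops an oversized rating from skewing the average, independently of the SQL handling.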