Demarc PureSecure Authentication Check SQL Injection Vulnerability

Solution:
pokleyzz sakamaniaka <pokleyzz@hotmail.com> has suggested making the following addition to the PureSecure script:

line 6113: &safe_slash(\$session_id);

Demarc has announced that this issue will be resolved in version 1.6 of PureSecure, scheduled for release on April 18, 2002. The following official patch is also provided:

--- demarc Sun Nov 11 23:48:39 2001
+++ demarc-patched Tue Apr 16 12:49:56 2002
@@ -6094,6 +6094,7 @@
################
sub check_login{
my ($session_id) = @_;
+$session_id=~tr/[a-zA-Z0-9]//dc;

($session_id) || return;
&expire_sessions;
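
Review bot: In the added `tr` line at the top of `check_login`, the square brackets are literal members of the search list rather than character-class delimiters, so `[` and `]` pass through the filter along with the alphanumerics. Writing it as `$session_id =~ tr/a-zA-Z0-9//cd;` keeps only the intended characters. The line also rewrites a tampered session ID in place and then carries on with the cleaned value; returning as soon as the input contains a character outside the allowed set would reject such a value instead of normalising it, and a one-line comment stating the expected session ID format would document why the filter is there.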



 

Copyright 2010, SecurityFocus