Geeklog Forums
It is exploitable
unknowed
Anonymous
/index.php?page=
/forum/createtopic.php?method=newtopic&forum=~
/forum/createtopic.php?method=newtopic&forum=:.
Even an empty page is exploitable
/forum/createtopic.php?method=&forum=6
want more?
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Just because it throws an SQL error doesn't automatically mean it's "exploitable". Although I have to agree that the forum could do some more thorough parameter checking.
Besides, your first and last example don't do anything.
If you're seriously interested in helping with security issues, please see our security page.
bye, Dirk
Blaine
Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location:Canada
I have been making version 2.3beta releases available from my site since early January. This version includes code to filter all input parameters for possible hostile data.
Geeklog components by PortalParts -- www.portalparts.com
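The stricter parameter checking Dirk and Blaine refer to above could look like the following for the `method` and `forum` parameters shown in the first post. This is an added example, not part of the thread and not code from Geeklog or the forum plugin; the function name, the allow-list contents and the well-formed sample request are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed allow-list: "newtopic" is the only method value shown in the thread.
const ALLOWED_METHODS = ['newtopic'];

/**
 * Hypothetical validator for the createtopic.php query parameters.
 * Returns ['method' => string, 'forum' => int], or null when anything is off.
 */
function validate_createtopic_params(array $query): ?array
{
    $method = $query['method'] ?? '';
    $forum  = $query['forum'] ?? '';

    // Array-valued input (forum[]=1) is rejected before any string handling.
    if (!is_string($method) || !is_string($forum)) {
        return null;
    }
    // Exact match against the allow-list; an empty method fails here.
    if (!in_array($method, ALLOWED_METHODS, true)) {
        return null;
    }
    // Bounded positive integer only: "~" and ":." are rejected.
    $id = filter_var($forum, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 2147483647]]);
    if ($id === false) {
        return null;
    }
    return ['method' => $method, 'forum' => $id];
}

// Query strings as displayed in the first post, plus one constructed valid request.
$samples = [
    'method=newtopic&forum=~',
    'method=newtopic&forum=:.',
    'method=&forum=6',
    'method=newtopic&forum=6',   // constructed
];

foreach ($samples as $qs) {
    parse_str($qs, $query);
    $clean = validate_createtopic_params($query);
    if ($clean === null) {
        printf("%-28s rejected\n", $qs);
        continue;
    }
    // Even after validation, pass the id to the database as a bound
    // parameter (e.g. PDO prepare/execute), never by string concatenation.
    printf("%-28s accepted, forum id %d\n", $qs, $clean['forum']);
}
```

Rejecting at this point means malformed values never reach the query layer, so the SQL error the thread argues about is not produced in the first place.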
unknowed
Anonymous
Quote by Dirk: Just because it throws an SQL error doesn't automatically mean it's "exploitable". Although I have to agree that the forum could do some more thorough parameter checking.
Besides, your first and last example don't do anything.
If you're seriously interested in helping with security issues, please see our security page.
bye, Dirk
You want to bet?
unknowed
Anonymous
btw.. my first and last example was filtered, the character should be \
unknowed
Anonymous
sorry forward slash