Home page logo
/

bugtraq logo Bugtraq mailing list archives

PAFileDB SQL Injection Vulnerability & Ratings Cheat Fix
From: JeiAr <jeiar () kmfms com>
Date: 29 May 2003 22:17:10 -0000



I recently found out that someone I knew was running this vuln 
application. After informing them it was vuln they were dissapointed at 
the fact that they could no longer use the program as the author has not 
supplied a fix. Anyway, here is a quick fix i threw together to take care 
of the problem. Basically it eregs the input to only allow numbers, and 
checks to make sure the number is no greater than 10 and no less than 1.
I also closed off the variable in the SQL query that was allowing the SQL 
injection to be possible. Get the fix here

http://www.gulftech.org/vuln/pafiledbsqlfix.zip

This should solve any problems encountered until the vendor releases 
an "official" fix or a new version of PaFileDB.


Cheers,

JeiAr


----------------------------------------
GulfTech Computers
http://www.gulftech.org


  By Date           By Thread  

Current thread:
  • PAFileDB SQL Injection Vulnerability & Ratings Cheat Fix JeiAr (May 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]