Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: Re: MySQL command-line client HTML injection vulnerability

Re: MySQL command-line client HTML injection vulnerability

From: Michael Scheidell <scheidell_at_secnap.net>
Date: Wed, 08 Oct 2008 16:26:52 -0400

> Hi Thomas,
>
> This bug was fixed in a MySQL release dated 01 May 2008. It is now 01
> Oct 2008 - 5 months after the bug was released. So why exactly is this
> news? Did I miss something here?

Not fixed in any version I know of.
Patch has been available for 5 months, but this has not gotten into any
production version (or am I wrong?)
Try this on your system:

mysql --html --execute "select '<a>'"

If you get this, then its not patched:
<TABLE BORDER=1><TR><TH><a></TH></TR><TR><TD><a></TD></TR></TABLE>

If you get this (on 5.1, a little different than 5.0) than its patched:
(note the escaped <a>) 

-- 
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer
<TABLE 
BORDER=1><TR><TH>&lt;a&gt;</TH></TR><TR><TD>&lt;a&gt;</TD></TR></TABLE>
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com
_________________________________________________________________________
Received on Oct 08 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]