 
Bugtraq mailing list archives
Re: Adcycle 0.78b Authentication
From: Dag-Erling Smorgrav <des () THINKSEC COM>
Date: Tue, 20 Feb 2001 17:08:09 +0100
Neil K <neilk () ALLDAS DE> writes:
> Anyways how to patch?? well you could parse out the following character from *all the user defined fields: '.
Half-assed workaround. The correct fix is to modify the call to $dbh->prepare() as follows:
    $sth = $dbh->prepare("SELECT * FROM login WHERE pid='$mycookpid' && agent='$agent' ORDER BY stime DESC");
      $sth = $dbh->prepare("SELECT * FROM login WHERE pid=" .
                           $dbh->quote($mycookpid) .
                           " && agent =" .
                           $dbh->quote($agent) .
                           " ORDER BY stime DESC");
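Review bot: the replacement prepare() call still assembles the statement by string concatenation, so it stays safe only as long as every value is wrapped in $dbh->quote() at every call site. DBI placeholders would keep $mycookpid and $agent out of the SQL text altogether: prepare "SELECT * FROM login WHERE pid=? && agent=? ORDER BY stime DESC" and pass both values to $sth->execute($mycookpid, $agent). This change covers only the login lookup, so any other statement that interpolates user-defined fields needs the same treatment.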
>              "I'm always Frank and Ernest with the ladies,
>                     Frank in New York, Ernest in Boston"
>                                 --quoted from some film I watched last night
Samuel L. Jackson to Larry King in _The Long Kiss Goodnight_ - the correct quote is "I'm always frank and earnest with women. Uh, in New York I'm Frank, and in Chicago I'm Ernest."

DES
-- 
Dag-Erling Smørgrav - des () thinksec com
 


