[BOGUS] SMF vulnerability - SQL injection

Started by nasko100, December 10, 2005, 05:56:23 AM


!Hachi!

developers can answer this
but if you see
Vulnerable: Simple Machines SMF 1.1 rc1
Happy Ramadan

Grudge

I've replied to the original message over there:
Quote
I'm a developer from over at simplemachines and I do not see how this can pose an exploit? Let's examine the code piece by piece:

The code is entered at this point:
if (!is_numeric($_REQUEST['start']))

So, this will be executed if $_REQUEST['start'] is a string. It's then used in the query. However, it's used in the query in this piece of code:

substr(strtolower($_REQUEST['start']), 0, 1)

So, the string is set to lower case, and then only the FIRST letter is used within the query. How can anyone exploit the database with a one character insertion? Of course this is within single quotes as well, so it cannot even be a command.

I simply cannot see how you could possibly exploit SQL from this?
I'm only a half geek really...
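As an added illustration, not SMF's code and not part of Grudge's reply, the PHP below applies the same lowercase-then-first-character transformation to a few constructed inputs and shows what actually survives into the query; `strict_first_char` is a hypothetical stricter variant, not something the page attributes to SMF.

```php
<?php
// Added example: mirrors the one-character truncation quoted above
// (substr(strtolower($_REQUEST['start']), 0, 1)) and shows what is left
// of each input. Nothing here is SMF's own code.

function smf_style_first_char(string $start): string
{
    // Same transformation as the quoted SMF line: lowercase the whole
    // string, then keep only its first character.
    return (string) substr(strtolower($start), 0, 1);
}

// Hypothetical stricter variant (an assumption, not SMF's code): accept
// only a single letter or digit, so even a lone quote character never
// reaches the single-quoted position in the query.
function strict_first_char(string $start): ?string
{
    $c = smf_style_first_char($start);
    return ($c !== '' && ctype_alnum($c)) ? $c : null;
}

// Constructed sample inputs: a normal letter, two strings shaped like
// injection attempts, and an empty string.
$samples = [
    'M',
    "a' OR '1'='1",
    "'; DROP TABLE members; --",
    '',
];

foreach ($samples as $raw) {
    $smf    = smf_style_first_char($raw);
    $strict = strict_first_char($raw);
    // The multi-character payloads collapse to a single character; only a
    // leading quote survives, which the strict variant rejects outright.
    printf("%-32s -> smf: [%s]  strict: [%s]\n",
        json_encode($raw), $smf, $strict ?? 'rejected');
}
```

Run it with `php` on the command line to see each sample reduced to at most one character, which is the point of Grudge's analysis: a one-character value between single quotes cannot carry a SQL statement.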

Grudge

Note I've also emailed security focus to request it's removed from their database.

nasko100
