Alessandro Vesely writes:
I wrote on Sat, 15 Mar 2008 15:10:11 +0100:

Good thought! As a security enhancement, one can set an SQL_MODE of NO_BACKSLASH_ESCAPES. Thereafter backslash escaping is not possible. Otherwise, injections can be carried out using sequences crafted so that after escaping they become valid multibyte characters. See http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string

I've tried that exploit, and it apparently works on the current version. The above is enough for me to believe that the injection would have worked if I had set the table in GBK. After the tentative patch attached, the log results as follows:
Download: http://www.courier-mta.org/download.php#authlib

Changes:

• Use mysql_set_character_set() instead of SET NAMES. This fixes a SQL injection possibility with MySQL databases that use non-Latin character sets.
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
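
Why replacing SET NAMES with mysql_set_character_set() closes the hole discussed in this thread, as an added example that is not part of the original messages and is not courier-authlib or MySQL code. It is a simplified model: the escaper, the GBK byte-range checks, the helper names and the two-byte sample are all constructed here.

```c
#include <stdio.h>

/* GBK: lead byte 0x81-0xFE, trail byte 0x40-0xFE except 0x7F, so 0x5C (backslash) is a legal trail byte. */
static int gbk_lead(unsigned char c)  { return c >= 0x81 && c <= 0xFE; }
static int gbk_trail(unsigned char c) { return c >= 0x40 && c <= 0xFE && c != 0x7F; }

/* Simplified model of client-side escaping; out must hold 2*n bytes.
   gbk_aware=0: library still assumes a single-byte charset (SET NAMES sent as a plain query).
   gbk_aware=1: library knows the connection charset (mysql_set_character_set was called). */
size_t escape(const unsigned char *in, size_t n, unsigned char *out, int gbk_aware)
{
    size_t i = 0, o = 0;
    while (i < n) {
        int lead = gbk_aware && gbk_lead(in[i]);
        if (lead && i + 1 < n && gbk_trail(in[i + 1]))
            out[o++] = in[i++];      /* complete character: copy lead, trail follows */
        else if (lead || in[i] == '\'' || in[i] == '\\')
            out[o++] = '\\';         /* stray lead byte, quote or backslash: escape it */
        out[o++] = in[i++];
    }
    return o;
}

/* Count quotes that a GBK-parsing server would treat as string terminators. */
int unescaped_quotes_gbk(const unsigned char *s, size_t n)
{
    int count = 0;
    size_t i = 0;
    while (i < n) {
        if (gbk_lead(s[i]) && i + 1 < n && gbk_trail(s[i + 1])) i += 2; /* one GBK character */
        else if (s[i] == '\\' && i + 1 < n) i += 2;                     /* escaped byte */
        else count += (s[i++] == '\'');
    }
    return count;
}

static const unsigned char SAMPLE[] = { 0xBF, 0x27 }; /* constructed: stray lead byte, then a quote */

int leaks(const unsigned char *in, size_t n, int gbk_aware)
{
    unsigned char out[64];           /* callers pass n <= 32 */
    return unescaped_quotes_gbk(out, escape(in, n, out, gbk_aware));
}
int main(void)
{
    printf("single-byte: %d, GBK-aware: %d unescaped quote(s)\n",
           leaks(SAMPLE, sizeof SAMPLE, 0), leaks(SAMPLE, sizeof SAMPLE, 1));
    return 0;
}
```

With the single-byte escaper the inserted backslash is absorbed as the trail byte of a GBK character and the quote survives; once the escaper knows the charset, the stray lead byte is neutralised and the quote stays escaped.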
