Your message dated Wed, 03 Oct 2012 09:25:34 +0000
with message-id <[email protected]>
and subject line Bug#689263: Removed package(s) from unstable
has caused the Debian Bug report #635617,
regarding nanourl: SQL Injection flaw in URL lookup
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
635617: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635617
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nanourl
Version: 0.1-7.1
Severity: important

*** Please type your report below this line ***

The lookup of destination URLs uses unescaped parameters from
the query string, making a classic SQL Injection security hole.

In real terms this package is not security critical, has a low
user-base, and so I'm only treating it as "important" and not
critical.

Code in question is:

--
   ...
   $hash= $_GET['num'];
   ...

   $result = mysql_query("SELECT url FROM urls WHERE hash = '$hash'");
   if(! ($result)) {
            die(mysql_error());
   }

--


Consider the case where "hash" is set to:

  bogus' or urls LIKE '%private%

Leading to a query like:


   SELECT url FROM urls WHERE hash = 'bogus' or urls LIKE '%private%'


CVE ID is probably required :)


-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



Steve
--
Let me steal your soul?
http://stolen-souls.com



--- End Message ---
--- Begin Message ---
Version: 0.1-7.1+rm

Dear submitter,

as the package nanourl has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/689263

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].

Debian distribution maintenance software
pp.
Ansgar Burchardt (the ftpmaster behind the curtain)

--- End Message ---

Reply via email to