On Sun, 2002-11-10 at 02:51, Ullrich Jans wrote:
> "vdongen" <[EMAIL PROTECTED]> writes:
>
> > I wanted to know where the city I live in is:
> >
> > Googlism for: 's-gravenzande
> >
> > MYSQL Error in query:
> > INSERT INTO googlism (ism,alpha,date,type) VALUES ('\'s-
> > gravenzande', ''', now(), '3')
> > Error: You have an error in your SQL syntax. Check the manual that
> > corresponds to your MySQL server version for the right syntax to use
> > near '3')' at line 1
> >
> > nice :)
>
> Really nice.
>
> The problem here is, this is a potential security breach. I didn't
> look further into it, but I think this could be exploited rather
> trivially to execute shell code as the user the query runs under. From
> there an attacker could run some local exploit and gain root...

But that's just a query being sent to MySQL. The worst case I see is
sending arbitrary queries to MySQL (e.g., deleting everything in the
database).

> This should be looked into by the webmaster of googlism (CC'ed) ASAP!

Agreed.

Alex.

-- 
PGP Public Key: http://aoi.dyndns.org/~alex/pgp-public-key
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS d- s:++ a18 C++(++++)>$ UL+++(++++) P--- L+++>++++ E---- W+(+++) N- o-- K+ w--- !O M(+) V-- PS+++ PE-- Y+ PGP+(+++) t* 5-- X-- R tv b- DI D+++ G e h! !r y
------END GEEK CODE BLOCK------
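Added example, not part of the original thread and not the site's code: the quoted error shows the search term escaped in the first value while the one-character `alpha` value is a bare quote, so this sketch assumes the first-letter column was taken from the raw input, and contrasts that with a parameterized insert. SQLite stands in for MySQL so it runs offline; the function names and the table definition are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the table named in the error message.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE googlism (ism TEXT, alpha TEXT, date TEXT, type TEXT)")
    return db

def escape(value):
    # SQLite escapes a quote by doubling it (MySQL also accepts \').
    return value.replace("'", "''")

def insert_unsafe(db, term):
    # Assumed shape of the bug: the term is escaped, but the first-letter
    # value is derived from the raw input and pasted into the SQL text.
    alpha = term[0]
    sql = ("INSERT INTO googlism (ism,alpha,date,type) VALUES ("
           f"'{escape(term)}', '{alpha}', datetime('now'), '3')")
    db.execute(sql)

def insert_safe(db, term):
    # Placeholders keep every value, derived or not, out of the SQL text.
    db.execute(
        "INSERT INTO googlism (ism,alpha,date,type) "
        "VALUES (?, ?, datetime('now'), '3')",
        (term, term[0]),
    )

def demo(term="'s-gravenzande"):
    db = make_db()
    try:
        insert_unsafe(db, term)
        unsafe_result = "ok"
    except sqlite3.OperationalError as exc:
        # The stray quote unbalances the statement, as in the quoted error.
        unsafe_result = f"syntax error: {exc}"
    insert_safe(db, term)
    rows = db.execute("SELECT ism, alpha, type FROM googlism").fetchall()
    return unsafe_result, rows

if __name__ == "__main__":
    print(demo())
```

Escaping one value by hand leaves every value derived from the same input (here the first letter) as a separate place to forget it; binding parameters removes that class of mistake.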

