[VIM] verify of LabWiki issue (source inspection)
Steven M. Christey
coley at mitre.org
Mon Jun 12 15:43:05 EDT 2006
ref:
Bugtraq - LabWiki v1.0
http://www.securityfocus.com/archive/1/archive/1/435981/100/0/threaded
I obtained version 1.5.
In search.php we have:
<input type="text" name="query" id="query" value="<?php echo $QW['requestQuery']; ?>" />
The "$QW['requestQuery']" is set in _global.php :
$QW['requestQuery'] = trim(QWSafeGet( $QW_REQUEST, 'query' ));
the "QWSafeGet" function basically accesses an array value in a way
that prevents an undefined index warning.
Earlier in _global.php, $QW_REQUEST is set to either $_GET or $_POST.
So, we have a literal reflection of the "query" parameter as sent to
search.php when it re-constructs the query page.
- Steve
More information about the VIM
mailing list