[VIM] SourceWell - minor version number oddities and independent
confirm
Steven M. Christey
coley at mitre.org
Tue Nov 29 01:04:42 EST 2005
Regarding the SourceWell SQL injection in index.php via cnt:
http://pridels.blogspot.com/2005/11/sourcewell-sql-inj-vuln.html
The SourceWell front page says the latest version is 1.1.3, but the
online changelog, available downloads, and new release announcements
only go up to 1.1.2.
I did confirm r0t's analysis by source inspection on 1.1.2.
Inspection of install.php shows a requirement for register_globals.
Then index.php has:
[84] $limit = $cnt.",".$config_show_appsperpage;
[124] $query = "SELECT $columns FROM $tables WHERE $where ORDER BY $order LIMIT $limit";
[126] appdat($query);
$query is later fed into a query method call on an instance of the
DB_Sql class (in the default configuration anyway).
- Steve
More information about the VIM
mailing list