
Serendipity 1.1.2 released

Mar 3rd, 2007 | Category: Blog-News, Security

This evening we were notified by fellow co-developer Sebastian Nohn about a full-disclosure posting about a Serendipity SQL injection matter. We have investigated this reported 0day issue, and can tell you that it is not a SQL injection, but instead “only” an SQL error display.

No SQL can be injected using the described method. Because of an
invalid category ID, Serendipity tries to show entries for that
category, but the resulting SQL string contains an empty “(())”
statement which makes the MySQL parser fail, and report the error
on-screen. The SQL queries that Serendipity uses are not secret, and
could be looked up in the source code as well.

Read on serendipity
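The failure described above, as an added Python illustration that is not Serendipity's code: a filter that drops invalid category IDs still emits an empty `(())` group, the parser rejects it, and the failed statement is shown on screen even though no request text reached the SQL. A guarded variant follows it. SQLite stands in for MySQL, and the table, the function names and the `;`-separated ID format are assumptions.

```python
import re
import sqlite3

def valid_ids(raw):
    """Keep only all-digit IDs; no request text is ever copied into the SQL."""
    return [int(p) for p in raw.split(";") if re.fullmatch(r"[0-9]+", p)]

def naive_query(raw):
    # Always emits the grouping parentheses, even when no ID survived.
    clause = " OR ".join(f"category_id = {i}" for i in valid_ids(raw))
    return f"SELECT title FROM entries WHERE (({clause}))", []

def guarded_query(raw):
    ids = valid_ids(raw)
    if not ids:
        return None, []  # reject the request before any SQL is built
    marks = ", ".join("?" for _ in ids)
    return f"SELECT title FROM entries WHERE category_id IN ({marks})", ids

def render(db, build, raw, display_errors):
    """Return the text a visitor would see for a category request."""
    sql, params = build(raw)
    if sql is None:
        return "No such category."
    try:
        rows = db.execute(sql, params).fetchall()
    except sqlite3.Error as exc:
        if display_errors:
            # Error display: the failed statement ends up on the page.
            return f"SQL error: {exc} in: {sql}"
        return "An internal error occurred."  # detail belongs in the server log
    return ", ".join(title for (title,) in rows) or "No entries."

def sample_db():
    # Constructed sample data, not taken from any real installation.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE entries (title TEXT, category_id INTEGER)")
    db.executemany("INSERT INTO entries VALUES (?, ?)",
                   [("Release notes", 1), ("Security fix", 2)])
    return db

if __name__ == "__main__":
    db = sample_db()
    for raw in ("2", "abc"):
        print(repr(raw), "naive   ->", render(db, naive_query, raw, True))
        print(repr(raw), "guarded ->", render(db, guarded_query, raw, False))
```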

Author:
opencm.de on 3 March 2007 at 21:10