Re: phpGiftReq SQL Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: phpGiftReq SQL Injection
From: Ryan Walberg <generalpf@xxxxxxxxx>
Date: 7 Mar 2005 18:23:38 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In-Reply-To: <41EAA8C8.6050600@xxxxxxxxx>

>phpGiftReq doesn't validate the parameters. This allows SQL Injection
>and modification of data in the database.
>
>This vulnerability has been tested with phpGiftReq 1.4.0

Fixed these flaws and many others in 1.5.0b1.

Prev by Date: drone armies C&C report - Feb/2005
Next by Date: See-security advisory: Trillian Basic 3.0 PNG Processing Buffer overflow
Previous by thread: phpGiftReq SQL Injection
Next by thread: [SIG^2 G-TEC] NodeManager Professional V2.00 Buffer Overflow Vulnerability
Index(es):
- Date
- Thread