Geeklog Forums

It is exploitable


unknowed

Anonymous
/index.php?page=
/forum/createtopic.php?method=newtopic&forum=~
/forum/createtopic.php?method=newtopic&forum=:.

Even an empty page is exploitable

/forum/createtopic.php?method=&forum=6

want more?

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location: Stuttgart, Germany
Just because it throws an SQL error doesn't automatically mean it's "exploitable". Although I have to agree that the forum could do some more thorough parameter checking.

Besides, your first and last example don't do anything.

If you're seriously interested in helping with security issues, please see our security page.

bye, Dirk

Blaine

Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location: Canada
I have been making version 2.3beta releases available from my site since early January. This version includes code to filter all input parameters for possible hostile data.
Geeklog components by PortalParts -- www.portalparts.com
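
The kind of parameter checking discussed in the posts above, as an added example that is not part of the thread and is not Geeklog or forum plugin code: strict allowlist validation of the `method` and `forum` query parameters before they reach any SQL. The function name and the method allowlist are assumptions made for illustration; the sample inputs are the query strings quoted in the first post plus one constructed well-formed request.

```php
<?php
// Added example, not Geeklog forum code. Strict validation for the two
// parameters seen in this thread: `method` and `forum`.

// Assumption: only 'newtopic' appears on the page; a real list would hold
// every method name the script actually implements.
const ALLOWED_METHODS = ['newtopic'];

/**
 * Hypothetical helper: returns ['method' => string, 'forum' => int],
 * or null when either parameter is missing or malformed.
 */
function validate_createtopic_params(array $query): ?array
{
    $method = $query['method'] ?? '';
    $forum  = $query['forum'] ?? '';

    // Array-valued input such as forum[]=1 is rejected outright.
    if (!is_string($method) || !is_string($forum)) {
        return null;
    }
    // Exact match against the allowlist; an empty method fails here.
    if (!in_array($method, ALLOWED_METHODS, true)) {
        return null;
    }
    // Digits only, no sign or whitespace, bounded length so the cast cannot overflow.
    if (!preg_match('/\A[1-9][0-9]{0,8}\z/', $forum)) {
        return null;
    }
    // The caller now holds a real integer, which should still be passed to
    // the database as a bound parameter rather than concatenated into SQL.
    return ['method' => $method, 'forum' => (int) $forum];
}

// Constructed sample run over the query strings quoted in the thread.
$samples = [
    'method=newtopic&forum=~',
    'method=newtopic&forum=:.',
    'method=&forum=6',
    'method=newtopic&forum=6', // constructed well-formed request
];

foreach ($samples as $qs) {
    parse_str($qs, $query);
    $ok = validate_createtopic_params($query);
    printf("%-26s => %s\n", $qs, $ok === null ? 'rejected' : 'accepted, forum id ' . $ok['forum']);
}
```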

unknowed

Anonymous
Quote by Dirk: Just because it throws an SQL error doesn't automatically mean it's "exploitable". Although I have to agree that the forum could do some more thorough parameter checking.

Besides, your first and last example don't do anything.

If you're seriously interested in helping with security issues, please see our security page.

bye, Dirk


You want to bet?

unknowed

Anonymous
btw.. my first and last example was filtered the character should be \

unknowed

Anonymous
sorry forward slash