[Secureideas-base-devel] SQL injection
From: Kevin J. <kjo...@se...> - 2005-10-26 23:43:57
Hi-

Someone has reported a SQL injection problem with base_qry_main.php. He filed a bug report this morning but I have not yet heard from him. In various other places it appears that he published more details around the problem. The issue I have is that I cannot reproduce his report.

BASE has a number of problems with data validation that we have inherited from ACID. We try to acknowledge this in the README, but we do need to do what we can to fix them. 2.x will be written to protect against this but 1.x should be fixed.

Hopefully, Remco will respond to my requests for more information and we can either fix it or mitigate the issue.

On another note, I hope that everyone knows that if there is a question or comment about BASE that they need to get out, I am always available. Please contact me or the developer list before publicly announcing it.<grin> Bug reports do not automatically notify us when they are reported; we need to manually check for them. I try to check as often as possible, but I do have a day job.<grin>

Thanks
Kevin
---------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!