Thread: [Secureideas-base-devel] Fwd: base sql injection
From: Joel E. <es...@gm...> - 2005-06-02 10:44:07
I guess it was a matter of time :)

---------- Forwarded message ----------
From: Ante Kotarac <ako...@gm...>
Date: Jun 1, 2005 10:43 PM
Subject: base sql injection
To: ba...@se...

Hi,
first I would like to say that you are working on a great piece of software, but I would like to warn you that you have some security vulns inside of it, you have some sql injection problems for example:
http://[victim]/base/base_qry_alert.php?submit=%230-%281-2%20AND%201=1%29&asciiclean=0
I will try to find if some more exist and inform you but till then please fix this one ..

thanks in advance,
Ante Kotarac

-- 
Joel Esler
BASE Project Lead
http://sourceforge.net/projects/secureideas
From: Kevin J. <kjo...@se...> - 2005-06-02 11:08:10
Hi-

The README explicitly states that these vulnerabilities exist! It doesn't take a lot of thought to find an application that acknowledges security issues and report them!<g>

We will be focusing on security in 2.0 since we will have complete control over the code.

Kevin

On Thu, 2005-06-02 at 06:44, Joel Esler wrote:
> I guess it was a matter of time :)
>
> ---------- Forwarded message ----------
> From: Ante Kotarac <ako...@gm...>
> Date: Jun 1, 2005 10:43 PM
> Subject: base sql injection
> To: ba...@se...
>
>
> Hi,
> first I would like to say that you are working on a great piece of
> software, but I would like to warn you that you have some security vulns
> inside of it, you have some sql injection problems for example:
> http://[victim]/base/base_qry_alert.php?submit=%230-%281-2%20AND%201=1%29&asciiclean=0
> I will try to find if some more exist and inform you but till then
> please fix this one ..
>
> thanks in advance,
> Ante Kotarac
>