This just hit Bugtraq:
http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/
I got an email for this over the holiday weekend. Nice for them to wait for us to fix it before publishing it.
This report applies to 1.0.1.
We will have a fix for this in CVS very quickly and a 1.0.2 release will be made to include the fix(es).
Announcements that relate to this will be sent to the webcalendar announce mailing list. If you are not subscribed, use the following link (or follow the "Mail" link above):
http://lists.sourceforge.net/lists/listinfo/webcalendar-announce
Maybe I am missing something here, but it looks to me like there is only a problem if you have magic quotes off. Am I wrong here? The documentation states you need to have magic_quotes_gpc enabled.
How does one do SQL Injection if magic_quotes_gpc is enabled? Doesn't the offending SQL text get escaped into a valid string?
That's what I have read on most of the forums.
I see an issue with edit_template.php. It references connect.php as the place admin is verified...not good.
admin_handler tests for admin...if you have admin access then SQL injection would be pointless.
-Ray