Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Thu Mar 28, 2024 9:43 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 
Author Message
PostPosted: Sat Feb 24, 2007 2:48 am 
Offline
Helper

Joined: Sat Sep 17, 2005 7:15 am
Posts: 71
When I attempt to set any text with a single quote ' - and submit the form, I receive the following message...

[code]
Fatal Error:

UPDATE `system_man` SET `system_man_value` = '', `system_man_description` = 'Hyperion server running with '_sqlsvc' for backup jobs', `system_man_location` = 'Data center - Rockford', `system_man_serial_number` = '', `system_man_date_of_purchase` = '0000-00-00' WHERE `system_man_uuid` = '00:18:8B:4E:CD:61'

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_sqlsvc' for backup jobs', `system_man_location` = 'Data center - Rockford', `sy' at line 1

Array
(
[pc] => 00:18:8B:4E:CD:61
[category] => manual
[view] => summary
[system_man_location] => Data center - Rockford
[system_man_date_of_purchase] => 0000-00-00
[system_man_value] =>
[system_man_serial_number] =>
[system_man_description] => Hyperion server running with '_sqlsvc' for backup jobs
[save] => Save
[preferences1] => utc=360
)[/code]

However, I can work around this issue by using two single quotes in a row (as an escape character).

Just wanted to let you know.

Rob

_________________
Server Info:
OS : Windows Server 2003
Auditing: ~300 machines
LDAP: Windows Server 2003 Active Directory


Last edited by qc_metal on Wed Feb 28, 2007 12:51 am, edited 1 time in total.

Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Sat Feb 24, 2007 4:35 am 
That's no good. That definitely allows for arbitrary code execution. I'll put that on my list of things to do...


Top
  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group