Package: src:dtc
Version: 0.32.10-2
Severity: critical
Tags: security upstream

There is an SQL injection in shared/inc/forms/domain_info.php:

    $q = "SELECT name FROM $pro_mysql_domain_table WHERE owner='$adm_login' AND domain_parking='no-parking' AND name NOT LIKE '".$_REQUEST["addrlink"]."';";

There is a bit of code in shared/vars/global_vars.php that tries to check the value of addrlink, but passing something like

    addrlink=foo.com/foo' SOME SQL HERE

works around it as it only checks the part before the slash.

Regards,
Ansgar
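
The check and query described in the report, next to a hardened form, as an added example that is not part of the original report and is not DTC's code. The table name `domain`, the sample rows, the function names, the accepted addrlink format and the shape of the prefix-only check are assumptions; the example uses an in-memory SQLite database through PDO so it runs without a MySQL server.

```php
<?php
// Added example: names, table layout and sample rows are constructed.

// Assumed shape of the weak check: only the text before the first "/" is
// validated, so anything after the slash reaches the query unchecked.
function weak_check(string $addrlink): bool {
    $host = explode('/', $addrlink, 2)[0];
    return preg_match('/^[a-z0-9.-]+$/i', $host) === 1;
}

// Hardened check: the whole value must be "domain" or "domain/label"
// (assumed format). Quotes, spaces and LIKE wildcards are all rejected.
function strict_check(string $addrlink): bool {
    return preg_match('/\A[a-z0-9]([a-z0-9.-]*[a-z0-9])?(\/[a-z0-9-]+)?\z/i', $addrlink) === 1;
}

// Parameterized version of the query from domain_info.php: both values are
// bound, never concatenated, so quoting in the input cannot alter the statement.
function other_domains(PDO $db, string $admLogin, string $addrlink): array {
    if (!strict_check($addrlink)) {
        throw new InvalidArgumentException('invalid addrlink');
    }
    $st = $db->prepare(
        "SELECT name FROM domain WHERE owner = :owner
         AND domain_parking = 'no-parking' AND name NOT LIKE :addrlink"
    );
    $st->execute([':owner' => $admLogin, ':addrlink' => $addrlink]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed data; DTC itself uses MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE domain (name TEXT, owner TEXT, domain_parking TEXT)");
$db->exec("INSERT INTO domain VALUES ('foo.com','alice','no-parking'),
           ('bar.org','alice','no-parking'), ('baz.net','bob','no-parking')");

// Value shape taken from the report, run through both checks.
$input = "foo.com/foo' SOME SQL HERE";
var_dump(weak_check($input));
var_dump(strict_check($input));

// A well-formed value goes through the bound query.
print_r(other_domains($db, 'alice', 'foo.com'));
```

Validation of the whole value and parameter binding are independent layers: the bound query stays safe even if the format check is later loosened.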