Your message dated Mon, 19 Dec 2011 10:54:54 +0800 with message-id <4eeea77e.9050...@goirand.fr> and subject line Also fixed in Lenny has caused the Debian Bug report #637487, regarding sql injection in shared/inc/forms/domain_info.php to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 637487: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637487 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: src:dtc Version: 0.32.10-2 Severity: critical Tags: security upstream There is an sql injection in shared/inc/forms/domain_info.php: $q = "SELECT name FROM $pro_mysql_domain_table WHERE owner='$adm_login' AND domain_parking='no-parking' AND name NOT LIKE '".$_REQUEST["addrlink"]."';"; There is a bit of code in shared/vars/global_vars.php that tries to check the value of addrlink, but passing something like addrlink=foo.com/foo' SOME SQL HERE works around it as it only checks the part before the slash. Regards, Ansgar
--- End Message ---
--- Begin Message ---
--- End Message ---
