FUDforum: Bug Reports » Apostrophe in e-mail address causes sql failures. Possible vulnerability.

Home » FUDforum Development » Bug Reports » Apostrophe in e-mail address causes sql failures. Possible vulnerability.

Show: Today's Messages :: Polls :: Message Navigator

Apostrophe in e-mail address causes sql failures. Possible vulnerability. [message #7594]

Thu, 05 December 2002 00:57

adamc

Messages: 4
Registered: December 2002

Karma:

Junior Member

Apostrophe in e-mail address causes sql failures on New Thread (at least).

The apostropie is not being escaped properly in the SQL creation. This is possibly also evidence of an SQL injection vulnerability, however I have not persued this far enough to check yet.

An apostrophie is allowed in an e-mail address (e.g. Mike.O'Hara(at)test(dot)com) according to the relevant RFC's so it should be accepted.

Report message to a moderator

[Message index]

		Apostrophe in e-mail address causes sql failures. Possible vulnerability. By: adamc on Thu, 05 December 2002 00:57
		Re: Apostrophe in e-mail address causes sql failures. Possible vulnerability. By: adamc on Thu, 05 December 2002 01:00
		Re: Apostrophe in e-mail address causes sql failures. Possible vulnerability. By: Ilia on Thu, 05 December 2002 01:13

Previous Topic:	Getting PHP compilation warning v2.3.5
Next Topic:	v2.3.5 action log

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Sep 20 09:56:23 GMT 2024

Total time taken to generate the page: 0.04917 seconds