FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Apostrophe in e-mail address causes sql failures. Possible vulnerability. [message #7594] Thu, 05 December 2002 00:57
adamc (Australia), Junior Member. Messages: 4. Registered: December 2002.

Apostrophe in e-mail address causes sql failures on New Thread (at least).

The apostrophe is not being escaped properly in the SQL creation. This is possibly also evidence of an SQL injection vulnerability; however, I have not pursued this far enough to check yet.

An apostrophe is allowed in an e-mail address (e.g. Mike.O'Hara(at)test(dot)com) according to the relevant RFCs so it should be accepted.
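
The failure reported above, reproduced as an added example that is not part of the original post and is not FUDforum's code: the same address is inserted once by string concatenation and once through a bound parameter. The `users` table, its columns, both function names and the sample address are hypothetical, and an in-memory SQLite database via PDO stands in for the forum's database.

```php
<?php
// Added example: hypothetical table and column names, not FUDforum's schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');

// Pattern the report describes: the value is pasted into the SQL text,
// so an apostrophe inside it ends the string literal early and the
// statement no longer parses.
function insert_concat(PDO $db, string $email): bool
{
    try {
        $db->exec("INSERT INTO users (email) VALUES ('" . $email . "')");
        return true;
    } catch (PDOException $e) {
        echo "concatenated INSERT failed: ", $e->getMessage(), "\n";
        return false;
    }
}

// Fix: a bound parameter is sent separately from the SQL text, so the
// apostrophe is treated as data and the address is stored unchanged.
function insert_prepared(PDO $db, string $email): bool
{
    $stmt = $db->prepare('INSERT INTO users (email) VALUES (:email)');
    return $stmt->execute([':email' => $email]);
}

$email = "Mike.O'Hara@example.com"; // constructed sample address

// The concatenated form fails on the apostrophe; the prepared form succeeds.
var_dump(insert_concat($db, $email));
var_dump(insert_prepared($db, $email));

// Confirm the address round-trips byte for byte.
$stored = $db->query('SELECT email FROM users')->fetchColumn();
var_dump($stored === $email);
```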