* Fix SQL injection for comment.php used in read-context.

  (Thanks to High-Tech Bridge SA Security Release Lab, Advisory HTB23092)
commit 87153991d06bc18fe4af05f97810487c4a340a92 1 parent a6f37ee
@garvinhicking garvinhicking authored
6 docs/NEWS
@@ -1,5 +1,11 @@
# $Id$
+Version 1.6.2 (May 16th, 2012)
+------------------------------------------------------------------------
+
+ * Fix SQL injection for comment.php used in read-context.
+ (Thanks to High-Tech Bridge SA Security Release Lab, Advisory HTB23092)
+
Version 1.6.1 (May 8th, 2012)
------------------------------------------------------------------------
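Review bot: the NEWS entry says the fix is for comment.php, but the only code change in this commit is to add_trackback() in include/functions_trackbacks.inc.php; either reword the entry to name the trackback URL check, or make sure the comment.php change the entry refers to is actually included. A changelog line that names the wrong file makes it harder for administrators to judge whether a given deployment is affected.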
2  include/functions_trackbacks.inc.php
@@ -364,7 +364,7 @@ function add_trackback ($id, $title, $url, $name, $excerpt) {
if ($id>0) {
// first check, if we already have this trackback
- $comments = serendipity_fetchComments($id,1,'co.id',true,'TRACKBACK'," AND co.url='$url'");
+ $comments = serendipity_fetchComments($id,1,'co.id',true,'TRACKBACK'," AND co.url='" . serendipity_db_escape_string($url) . "'");
if (is_array($comments) && sizeof($comments) == 1) {
log_pingback("We already have that TRACKBACK!");
return 0; // We already have it!
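Review bot: wrapping `$url` in serendipity_db_escape_string() closes the string-context injection in the `" AND co.url='...'"` fragment, but `$id` on the `if ($id>0)` line still reaches serendipity_fetchComments() without an explicit cast, and the loose `>` comparison accepts non-numeric strings; unless the callee casts it (not visible in this hunk), add `$id = (int) $id;` at the top of the branch. Longer term, passing the URL as a bound parameter instead of building the WHERE fragment by concatenation would stop correctness from depending on the escaping routine matching the database's configured charset.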
2  serendipity_config.inc.php
@@ -45,7 +45,7 @@
}
// The version string
-$serendipity['version'] = '1.6.1';
+$serendipity['version'] = '1.6.2';
// Setting this to 'false' will enable debugging output. All alpa/beta/cvs snapshot versions will emit debug information by default. To increase the debug level (to enable Smarty debugging), set this flag to 'debug'.
$serendipity['production'] = (preg_match('@\-(alpha|beta|cvs)@', $serendipity['version']) ? false : true);
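Review bot: the version bump from '1.6.1' to '1.6.2' matches the new NEWS entry, so this hunk is fine; the unchanged context comment spells "alpha" as "alpa", which could be corrected while this block is being touched.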

1 comment on commit 8715399

@q--

Since the bug has been fixed for half a year or so, I don't think it can cause any harm to link a page at the Microsoft Developer Network that explains how blind SQL injection holes are actually exploited: Time-Based Blind SQL Injection with Heavy Queries.

Also note that tools to automate this process are widely available.
