* Fix SQL injection for comment.php used in read-context.
      (Thanks to High-Tech Bridge SA Security Release Lab, Advisory HTB23092)
garvinhicking committed May 16, 2012
1 parent a6f37ee commit 8715399
Showing 3 changed files with 8 additions and 2 deletions.
6 changes: 6 additions & 0 deletions docs/NEWS
@@ -1,5 +1,11 @@
# $Id$

Version 1.6.2 (May 16th, 2012)
------------------------------------------------------------------------

* Fix SQL injection for comment.php used in read-context.
(Thanks to High-Tech Bridge SA Security Release Lab, Advisory HTB23092)

Version 1.6.1 (May 8th, 2012)
------------------------------------------------------------------------

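Review bot: the NEWS entry (like the commit message) places the fix in comment.php, but the only code change in this commit is in add_trackback() in include/functions_trackbacks.inc.php; consider naming the trackback code path (or the comment.php entry point that reaches it) and the affected value (the trackback URL) in the entry, so a reader auditing against advisory HTB23092 can locate the patched site without diffing the whole release.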
2 changes: 1 addition & 1 deletion include/functions_trackbacks.inc.php
Expand Up @@ -364,7 +364,7 @@ function add_trackback ($id, $title, $url, $name, $excerpt) {

if ($id>0) {
// first check, if we already have this trackback
$comments = serendipity_fetchComments($id,1,'co.id',true,'TRACKBACK'," AND co.url='$url'");
$comments = serendipity_fetchComments($id,1,'co.id',true,'TRACKBACK'," AND co.url='" . serendipity_db_escape_string($url) . "'");
if (is_array($comments) && sizeof($comments) == 1) {
log_pingback("We already have that TRACKBACK!");
return 0; // We already have it!
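Review bot: escaping $url with serendipity_db_escape_string() before it is interpolated into the extra-condition fragment closes the injection at this call site, but the fragment is still assembled by string concatenation, so correctness depends on every caller remembering the escape. Two follow-ups: $id is only range-checked (`if ($id>0)`) before being passed on, so casting it with (int) here costs nothing and removes the same class of concern for that argument; and a comment on serendipity_fetchComments() stating that its last argument is raw SQL that must already be escaped would help later callers avoid repeating the original mistake.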
2 changes: 1 addition & 1 deletion serendipity_config.inc.php
Expand Up @@ -45,7 +45,7 @@
}

// The version string
$serendipity['version'] = '1.6.1';
$serendipity['version'] = '1.6.2';

// Setting this to 'false' will enable debugging output. All alpa/beta/cvs snapshot versions will emit debug information by default. To increase the debug level (to enable Smarty debugging), set this flag to 'debug'.
$serendipity['production'] = (preg_match('@\-(alpha|beta|cvs)@', $serendipity['version']) ? false : true);
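Review bot: the context comment two lines below the bump misspells 'alpa/beta/cvs' (the preg_match on the following line correctly uses 'alpha'); worth correcting while this file is already being touched for the 1.6.2 version string.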

1 comment on commit 8715399

@q-- q-- commented on 8715399 Oct 31, 2012
Since the bug has been fixed for half a year or so, I don't think it can cause any harm to link a page at the Microsoft Developer Network that explains how blind SQL injection holes are actually exploited: Time-Based Blind SQL Injection with Heavy Queries.

Also note that tools to automate this process are widely available.