[VIM] Re: Sql Injection in CJ Ultra Plus v1.0.3-1.0.4

Steven M. Christey coley at linus.mitre.org
Wed May 25 12:31:22 EDT 2005

On Mon, 9 May 2005, security curmudgeon wrote:

> : #Sql Injection in CJ Ultra Plus v1.0.3-1.0.4(?) #
> Can you verify if this is the same "Cjultra" found at
> http://www.cjultra.com/ or something different?

I downloaded CJUltra 2.0.3 and 2.1.  Both of them have an out.php file
with the following code snippet:

if ($perm) {
        $perm = addslashes($perm);
    $query = "select * from trade where a1 = '$perm'";
    $result = mysql_query($query);
    if(!$result) error_message(sql_error());

This isn't exactly the code from 1.0.3 as originally announced for the SQL
injection, but:

  (1) it's close enough


  (2) the $perm variable is now cleansed, so the problem - if it existed -
is now fixed.

- Steve

More information about the VIM mailing list