[VIM] SourceWell - minor version number oddities and independent confirm

Steven M. Christey coley at mitre.org
Tue Nov 29 01:04:42 EST 2005


Regarding the SourceWell SQL injection in index.php via cnt:

  http://pridels.blogspot.com/2005/11/sourcewell-sql-inj-vuln.html

The SourceWell front page says the latest version is 1.1.3, but the
online changelog, available downloads, and new release announcements
only go up to 1.1.2.

I did confirm r0t's analysis by source inspection on 1.1.2.


Inspection of install.php shows a requirement for register_globals.
Then index.php has:

[84] $limit = $cnt.",".$config_show_appsperpage;

[124] $query = "SELECT $columns FROM $tables WHERE $where ORDER BY $order LIMIT $limit";

[126] appdat($query);

$query is later fed into a query method call on an instance of the
DB_Sql class (in the default configuration anyway).

- Steve


More information about the VIM mailing list