[Snort-users] Base 1.2 Vuln

Kevin Johnson kjohnson at ...12400...
Fri Oct 28 15:58:57 EDT 2005


On Fri, 2005-10-28 at 09:40 -0400, Joel Esler wrote:
> I got an email last night from Kevin (Project lead of BASE), said that
> he has fixed it.  Look for a new BASE release soon.
> 

We are trying to test the fix out as much as possible.  If you would
like, you can either retrieve it from CVS or add the following as line
202 of includes/base_db.inc.php

$sql = eregi_replace(";", " [Possible SQL Injection Attack] ", $sql);

The release will happen as soon as testing is done.  This patch will
work on any version of BASE, but we recommend upgrading.<g>

> 
> On another note, I couldn't replicate the bug.
> 

I also am not able to replicate the actual SQL injection, but I can see
where it could happen.

> 
> Joel Esler

> On Oct 28, 2005, at 9:29 AM, Justin Heath wrote:
> 
> > I haven't seen any mention of this on the list, so I thought I would
> > pass it along.
> > 
> > Basic Analysis And Security Engine Base_qry_main.PHP SQL Injection
> > Vulnerability
> > http://www.securityfocus.com/bid/15199/info
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20051028/6f2d1406/attachment.sig>


More information about the Snort-users mailing list