[Snort-users] Base 1.2 Vuln
kjohnson at ...12400...
Fri Oct 28 15:58:57 EDT 2005
On Fri, 2005-10-28 at 09:40 -0400, Joel Esler wrote:
> I got an email last night from Kevin (Project lead of BASE), said that
> he has fixed it. Look for a new BASE release soon.
We are trying to test the fix out as much as possible. If you would
like, you can either retrieve it from CVS or add the following as line
202 of includes/base_db.inc.php
$sql = eregi_replace(";", " [Possible SQL Injection Attack] ", $sql);
The release will happen as soon as testing is done. This patch will
work on any version of BASE, but we recommend upgrading.<g>
> On another note, I couldn't replicate the bug.
I also am not able to replicate the actual SQL injection, but I can see
where it could happen.
> Joel Esler
> On Oct 28, 2005, at 9:29 AM, Justin Heath wrote:
> > I haven't seen any mention of this on the list, so I thought I would
> > pass it along.
> > Basic Analysis And Security Engine Base_qry_main.PHP SQL Injection
> > Vulnerability
> > http://www.securityfocus.com/bid/15199/info
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Snort-users