TUCoPS :: Web :: Apps :: bt303.txt

PAFileDB SQL Injection Vulnerability & Ratings Cheat Fix




I recently found out that someone I knew was running this vuln 

application. After informing them it was vuln they were dissapointed at 

the fact that they could no longer use the program as the author has not 

supplied a fix. Anyway, here is a quick fix i threw together to take care 

of the problem. Basically it eregs the input to only allow numbers, and 

checks to make sure the number is no greater than 10 and no less than 1.

I also closed off the variable in the SQL query that was allowing the SQL 

injection to be possible. Get the fix here



http://www.gulftech.org/vuln/pafiledbsqlfix.zip



This should solve any problems encountered until the vendor releases 

an "official" fix or a new version of PaFileDB.





Cheers,



JeiAr





----------------------------------------

GulfTech Computers

http://www.gulftech.org

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH