Snitz Forums 2000
 V33(.03) BUG_FIX: ChkString in search.asp

pweighill
Junior Member

United Kingdom
453 Posts

Posted - 22 November 2001 :  15:28:19
Some of the SQL in search.asp needs running through the ChkString

line 125
if cnt < keycnt then strSql = strSql &  Request.Form("andor")

change to
if cnt < keycnt then strSql = strSql &  ChkString(Request.Form("andor"), "SQLString")


line 142
if cnt < keycnt then strSql = strSql &  Request.Form("andor")

change to
if cnt < keycnt then strSql = strSql &  ChkString(Request.Form("andor"), "SQLString")


line 158
strSql = strSql & " AND " & strTablePrefix & "FORUM.FORUM_ID = " & Request.Form("Forum") & " "

change to
strSql = strSql & " AND " & strTablePrefix & "FORUM.FORUM_ID = " & ChkString(Request.Form("Forum"), "SQLString") & " "


lines 165-166
strSql = strSql & " AND (" & strMemberTablePrefix & "MEMBERS.MEMBER_ID = " & Request.Form("SearchMember") & " "
strSql = strSql & " OR " & strActivePrefix & "REPLY.R_AUTHOR = " & Request.Form("SearchMember") & ") "

change to
strSql = strSql & " AND (" & strMemberTablePrefix & "MEMBERS.MEMBER_ID = " & ChkString(Request.Form("SearchMember"), "SQLString") & " "
strSql = strSql & " OR " & strActivePrefix & "REPLY.R_AUTHOR = " & ChkString(Request.Form("SearchMember"), "SQLString") & ") "



Davio
Development Team Member

Jamaica
12217 Posts

Posted - 22 November 2001 :  16:18:27
Why?
And why is it a bug?

- David

pweighill
Junior Member

United Kingdom
453 Posts

Posted - 22 November 2001 :  17:07:41
Yes, it is a bug, well more of a security issue really.

If someone passes a Request.Form("Forum") parameter that is not what is expected which contains some cunningly crafted SQL (which would need to include some ' and a few other bits as well), you can get the database to carry out some inappropriate commands such as delete all the data from a table or changing the password of a user for example.

Thinking about it all a little bit more, might be even better to do the following clng("0" & ChkString(Request.Form("Forum"))).


Da_Stimulator
DEV Team Forum Moderator

USA
3373 Posts

Posted - 24 November 2001 :  09:37:20
All of those fields you mention are un-changeable by the person who is searching, therefore they do not need to be checked, since the values are pre-determined and don't contain any illegal characters in the first place.

The only way those fields could contain any illegal characters is if a person saved the file on their computer, altered it, and then ran a search with their altered file, and really, then they should get stuck with an error.

----
-Eric | Mod Resource | Test Area
Sleep: A completely inadequate substitute for caffeine
http://phpscriptcenter.com -Quality PHP Scripts

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 29 December 2001 :  01:12:14
Went ahead and made the changes, it won't hurt to have chkstring in there.

Fixed in v3.4
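In the search.asp lines quoted in this thread, Forum and SearchMember are concatenated into numeric comparisons with no surrounding quotes, and andor is concatenated as a bare keyword, so the check that fits is "is this a number" and "is this one of two known words", along the lines of the clng idea raised above. The following is an added example, not Snitz code and not from any poster; ToLongOrZero and AndOrOperator are hypothetical helper names, the inputs are constructed, and it runs stand-alone under cscript (in search.asp the arguments would be the Request.Form values).

```vbscript
Option Explicit

' Hypothetical helper (not part of Snitz): return the value as a Long,
' or 0 when it is empty or anything other than 1-9 decimal digits.
Function ToLongOrZero(ByVal strValue)
    Dim re, strClean
    ToLongOrZero = 0
    strClean = Trim(strValue & "")        ' & "" turns Empty/missing into ""
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"              ' 9 digits always fit in a Long
    If re.Test(strClean) Then ToLongOrZero = CLng(strClean)
End Function

' Hypothetical helper: map the submitted operator onto a fixed keyword so
' that no submitted text is ever copied into the SQL string.
' Assumption: the search form only ever means AND or OR here.
Function AndOrOperator(ByVal strValue)
    Select Case UCase(Trim(strValue & ""))
        Case "OR"
            AndOrOperator = " OR "
        Case Else
            AndOrOperator = " AND "
    End Select
End Function

Dim arrIds, arrOps, strItem, strSql

' Constructed sample inputs standing in for Request.Form("Forum").
arrIds = Array("12", "", "12 OR 1=1", "12'", "99999999999")
For Each strItem In arrIds
    ' Table name shortened; the real code prepends strTablePrefix.
    strSql = " AND FORUM.FORUM_ID = " & ToLongOrZero(strItem) & " "
    WScript.Echo "[" & strItem & "] ->" & strSql
Next

' Constructed sample inputs standing in for Request.Form("andor").
arrOps = Array("or", " AND ", "xyz")
For Each strItem In arrOps
    WScript.Echo "[" & strItem & "] ->" & AndOrOperator(strItem)
Next
```

Unlike a bare CLng, which raises a type mismatch on non-numeric text, the helper returns 0 and leaves it to the caller to decide whether 0 means "no filter" or "reject the request".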