Package: src:dtc
Version: 0.32.10-2
Severity: critical
Tags: security upstream
There is an sql injection in shared/inc/forms/domain_info.php:
$q = "SELECT name FROM $pro_mysql_domain_table WHERE owner='$adm_login' AND
domain_parking='no-parking' AND name NOT LIKE '".$_REQUEST["addrlink"]."';";
There is a bit of code in shared/vars/global_vars.php that tries to
check the value of addrlink, but passing something like
addrlink=foo.com/foo' SOME SQL HERE
works around it as it only checks the part before the slash.
Regards,
Ansgar
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
