On Saturday 17 December 2011 14:48:22 Luis Alejandro Martínez Faneyth wrote:
> Package: wnpp
> Severity: wishlist
> Owner: "Luis Alejandro Martínez Faneyth" <martinez.fane...@gmail.com>
>
> * Package name    : aguilas
>   Version         : 1.0.0
>   Upstream Author : Luis Alejandro Martínez Faneyth
>                     <martinez.fane...@gmail.com>
> * URL             : http://code.google.com/p/aguilas
> * License         : GPL-3
>   Programming Lang: PHP
>   Description     : A web-based LDAP user management system
>
> AGUILAS is an application written mostly in PHP, but it has bits of
> JavaScript, SQL, style sheets and of course, HTML. It is a centralized

I was showing 'aguilas' to some people also looking for web based ldap user
management systems, and then within not too much time, I got a message back
saying

"not sure I like the look of that sql query..."
"sql injection in 5 seconds flat"

    $sel_q = "SELECT * FROM NewUser"
        . " WHERE mail='" . $mail . "'"
        . " AND uid='" . $uid . "'"
        . " AND token='" . $token . "'"
        . " ORDER BY token DESC LIMIT 0,1";

I also got a bit scared by this.

/Sune
-- 
Do you know how might I reset the SCSI window?
You should reset the head.
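
The query quoted in the message, reproduced next to a parameterized version, as an added example that is not aguilas code or part of the original message. It assumes PHP 7.1+ with PDO and the pdo_sqlite driver; the in-memory table, the sample row and the function names are constructed for illustration.

```php
<?php
// Added example: table and column names follow the quoted query; the schema,
// the sample row and both function names are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE NewUser (mail TEXT, uid TEXT, token TEXT)");
$db->exec("INSERT INTO NewUser VALUES ('alice@example.org', 'alice', 'c0ffee')");

// Same construction as the quoted query: request values become part of the SQL text.
function find_pending_concat(PDO $db, string $mail, string $uid, string $token): ?array
{
    $sel_q = "SELECT * FROM NewUser"
        . " WHERE mail='" . $mail . "'"
        . " AND uid='" . $uid . "'"
        . " AND token='" . $token . "'"
        . " ORDER BY token DESC LIMIT 0,1";
    $row = $db->query($sel_q)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened form: the SQL text is fixed and the values travel as bound parameters,
// so a quote character in the input is compared as data, not parsed as SQL.
function find_pending_bound(PDO $db, string $mail, string $uid, string $token): ?array
{
    $stmt = $db->prepare(
        "SELECT * FROM NewUser WHERE mail = :mail AND uid = :uid AND token = :token"
        . " ORDER BY token DESC LIMIT 1"
    );
    $stmt->execute([':mail' => $mail, ':uid' => $uid, ':token' => $token]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a valid token, a wrong token, and a token containing a quote.
$cases = [
    'valid token'    => ['alice@example.org', 'alice', 'c0ffee'],
    'wrong token'    => ['alice@example.org', 'alice', 'nope'],
    'quote in token' => ['alice@example.org', 'alice', "x' OR '1'='1"],
];
foreach ($cases as $label => [$mail, $uid, $token]) {
    printf(
        "%-15s concat=%-4s bound=%s\n",
        $label,
        find_pending_concat($db, $mail, $uid, $token) ? 'row' : 'none',
        find_pending_bound($db, $mail, $uid, $token) ? 'row' : 'none'
    );
}
```

The third case is the one to keep as a regression test: the two functions should agree on every input, and any input where the concatenated lookup returns a row that the bound lookup does not marks a spot where the token check can be bypassed.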