Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Ideas Centre
Post Reply
User avatar
Former Team Member
Posts: 7425
Joined: Tue Jul 03, 2001 8:50 pm "exploits"

Post by psoTFX » Mon Nov 15, 2004 4:27 pm

We've have had and continue to receive reports based on a bugtraq email submitted by the "" group. Please do not report these issues to us, not by PM, email nor via our security tracker.

The two "sql injection" issues are not sql injection issues, nothing can be done with them at all due to type casting (strings are forced to an integer type). The group admit this themselves but persist in claiming they are sql injection issues. The "solution" they give contains semantically incorrect SQL (you do not enclose values for integer field types in quotes).

Post Reply

Return to “Announcements”

Who is online

Users browsing this forum: No registered users and 58 guests