Alessandro Vesely writes:
> I wrote on Sat, 15 Mar 2008 15:10:11 +0100:
>> Good thought! As a security enhancement, one can set an SQL_MODE of
>> NO_BACKSLASH_ESCAPES. Thereafter backslash escaping is not possible.
>> Otherwise, injections can be carried out using sequences crafted so
>> that after escaping they become valid multibyte characters. See
>>
http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string>
> I've tried that exploit, and it apparently works on the current version.
>
> The above is enough for me to believe that the injection would have worked
> If I had set the table in GBK. After the tentative patch attached, the log
> results as follows:
Download:
http://www.courier-mta.org/download.php#authlibChanges:
• Use mysql_set_character_set() instead of SET NAMES. This fixes a SQL
injection possibility with MySQL databases that use non-Latin character
sets.
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php_______________________________________________
courier-announce mailing list
courier-announce@...
https://lists.sourceforge.net/lists/listinfo/courier-announce
attachment0 (204 bytes) 