Re: Google knows everything
"vdongen" <vdongen@hetisw.nl> writes:
> I wanted to know where the city I live in is:
>
> Googlism for: 's-gravenzande
>
> MYSQL Error in query:
> INSERT INTO googlism (ism,alpha,date,type) VALUES ('\'s-
> gravenzande', ''', now(), '3')
> Error: You have an error in your SQL syntax. Check the manual that
> corresponds to your MySQL server version for the right syntax to use
> near '3')' at line 1
>
> nice :)
Really nice.
The problem here is, this is a potential security breach. I didn't
look further into it, but I think this could be exploited rather
trivially to execute shell code as the user the query runs under. From
there an attacker could run some local exploit and gain root...
This should be looked into by the webmaster of googlism (CC'ed) ASAP!
Regards, Ulli
--
Ullrich Jans Eichenstrasse 4
Tel: +49 89 74427834 82024 Taufkirchen
Usenet: ujans@ullisys.pond.sub.org RealUlli@IRC
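Added example, not part of the original messages and not googlism's code: it rebuilds the quoted statement under the assumption that the search term was backslash-escaped while its first character (the `alpha` column) was inserted raw, scans it with MySQL's default string-quoting rules to show why the parser stops at `3')`, and then does the same insert with bound parameters. `addslashes`, `build_insert_unsafe`, `split_literals`, `insert_safe` and `demo` are hypothetical names, and sqlite3 stands in for MySQL in the parameterized part.

```python
import sqlite3

def addslashes(s):
    # Backslash-escape quotes, as the first value in the quoted error suggests.
    return s.replace("\\", "\\\\").replace("'", "\\'")

def build_insert_unsafe(term):
    # Assumed reconstruction: the term is escaped, its first character is not.
    return ("INSERT INTO googlism (ism,alpha,date,type) VALUES "
            "('%s', '%s', now(), '3')" % (addslashes(term), term[0]))

def split_literals(sql):
    """Scan with MySQL's default quoting rules (backslash and '' both escape).
    Returns (complete string literals, text left after the last complete one)."""
    literals, i, rest_from = [], 0, 0
    while i < len(sql):
        if sql[i] != "'":
            i += 1
            continue
        j, buf = i + 1, []
        # Keep reading until a quote that is not doubled closes the literal.
        while j < len(sql) and (sql[j] != "'" or sql[j:j + 2] == "''"):
            step = 2 if sql[j] == "\\" or sql[j:j + 2] == "''" else 1
            buf.append(sql[j + step - 1:j + step])
            j += step
        if j >= len(sql):  # unterminated literal: the parser gives up here
            break
        literals.append("".join(buf))
        i = rest_from = j + 1
    return literals, sql[rest_from:]

def insert_safe(conn, term):
    # Placeholders keep the data out of the SQL text, so quotes need no escaping.
    conn.execute("INSERT INTO googlism (ism,alpha,date,type) "
                 "VALUES (?, ?, datetime('now'), ?)", (term, term[0], "3"))
    return conn.execute("SELECT ism, alpha FROM googlism").fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE googlism (ism TEXT, alpha TEXT, date TEXT, type TEXT)")
    return insert_safe(conn, "'s-gravenzande")  # constructed input from the post

if __name__ == "__main__":
    query = build_insert_unsafe("'s-gravenzande")
    print(query)
    print(split_literals(query))
    print(demo())
```

The second literal swallows `, now(), ` because the raw quote pairs with the closing one, which is why the server reports the error at the text that follows.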