
Re: Bug#652464: ITP: aguilas -- A web-based LDAP user management system



On Saturday 17 December 2011 14:48:22 Luis Alejandro Martínez Faneyth wrote:
> Package: wnpp
> Severity: wishlist
> Owner: "Luis Alejandro Martínez Faneyth" <martinez.faneyth@gmail.com>
> 
> * Package name    : aguilas
>   Version         : 1.0.0
>   Upstream Author : Luis Alejandro Martínez Faneyth
> <martinez.faneyth@gmail.com>
> * URL             : http://code.google.com/p/aguilas
> * License         : GPL-3
>   Programming Lang: PHP
>   Description     : A web-based LDAP user management system
> 
> AGUILAS is an application written mostly in PHP, but it has bits of
> JavaScript, SQL, style sheets and of course, HTML. It is a centralized

I was showing 'aguilas' to some people also looking for web-based LDAP user
management systems, and then within not too much time, I got a message back
saying

"not sure I like the look of that sql query..."
"sql injection in 5 seconds flat"


    $sel_q = "SELECT * FROM NewUser"
                      . " WHERE mail='" . $mail . "'"
                      . " AND uid='" . $uid . "'"
                      . " AND token='" . $token . "'"
                      . " ORDER BY token DESC LIMIT 0,1";

I also got a bit scared by this. 

/Sune
-- 
Do you know how might I reset the SCSI window?

You should reset the head.
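
Added example, not part of the original message and not Aguilas code: the quoted query built by concatenation, next to the same query issued as a PDO prepared statement, run against a constructed table. It assumes PHP with the pdo_sqlite extension; the in-memory database, the sample row and the function names find_concatenated and find_prepared are made up for the illustration.

```php
<?php
// Added example, not Aguilas code. Schema and sample row are constructed;
// an in-memory SQLite database stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE NewUser (mail TEXT, uid TEXT, token TEXT)");
$db->exec("INSERT INTO NewUser VALUES ('alice@example.org', 'alice', 'tok-constructed-1')");

// Query built the way the quoted snippet builds it: values spliced into the SQL text.
function find_concatenated(PDO $db, string $mail, string $uid, string $token)
{
    $sel_q = "SELECT * FROM NewUser"
           . " WHERE mail='" . $mail . "'"
           . " AND uid='" . $uid . "'"
           . " AND token='" . $token . "'"
           . " ORDER BY token DESC LIMIT 0,1";
    return $db->query($sel_q)->fetch(PDO::FETCH_ASSOC);
}

// Same query with placeholders: the SQL text is fixed, values are bound as data.
function find_prepared(PDO $db, string $mail, string $uid, string $token)
{
    $stmt = $db->prepare(
        "SELECT * FROM NewUser"
        . " WHERE mail = :mail AND uid = :uid AND token = :token"
        . " ORDER BY token DESC LIMIT 0,1"
    );
    $stmt->execute([':mail' => $mail, ':uid' => $uid, ':token' => $token]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed input: a token value that contains quote characters.
$mail  = 'alice@example.org';
$uid   = 'alice';
$token = "wrong' OR '1'='1";

// Concatenated: the quotes end the string literal, so the rest of the value
// is parsed as SQL and the token comparison no longer decides the result.
var_dump(find_concatenated($db, $mail, $uid, $token) !== false);

// Prepared: the whole value is compared against the token column as data.
var_dump(find_prepared($db, $mail, $uid, $token) !== false);

// The correct token is still accepted through the prepared statement.
var_dump(find_prepared($db, $mail, $uid, 'tok-constructed-1') !== false);
```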

