On the IPB 0day vulnerability caused by MySQL truncation - vulnerability warning - Black Bar Safety Net

ID MYHACK58:62201338759
Type myhack58
Reporter GaRY
Modified 2013-05-15T00:00:00


Original post: http://www.john-jean.com/blog/securite-informatique/ipb-invision-power-board-all-versions-1-x-2-x-3-x-admin-account-takeover-leading-to-code-execution-742

This is a nice vulnerability. IPB is not used that widely any more (although back in my day it was quite popular; sigh, the good old days). The real highlight of this vulnerability is not IPB itself but an understanding of two MySQL behaviours:

1. During an INSERT, if the value you insert is longer than the column's declared length, MySQL silently truncates it to the maximum length and inserts the result; no error is raised.
2. During a SELECT, querying a column for a value equal to 'a ' (with a trailing space) behaves exactly the same as querying for 'a ' or 'a'; there is no difference. As shown:
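To make the two behaviours concrete, here is an added example (not code from the original post, from IPB, or from MySQL): a tiny Python model of a non-strict MySQL VARCHAR column with a PAD SPACE collation, a registration check written in the vulnerable "check the raw input, then insert it" style, and a hardened version that validates length and whitespace before touching the table. The column width of 16 and the `NonStrictVarcharTable` class are assumptions made for the demonstration.

```python
"""Model of MySQL's non-strict VARCHAR handling, used to show why a
length-unaware "is this username taken?" check is unreliable, and what a
hardened check looks like. Added example; not IPB's or MySQL's code."""

COLUMN_LEN = 16  # assumed width of a VARCHAR(16) username column


class NonStrictVarcharTable:
    """Stand-in for a MySQL table with sql_mode not STRICT and a PAD SPACE
    collation: INSERT silently truncates to the column width, and '='
    ignores trailing spaces when comparing values."""

    def __init__(self):
        self.rows = []

    @staticmethod
    def _cmp_key(value):
        # PAD SPACE collations treat 'admin' and 'admin   ' as equal
        return value.rstrip(" ")

    def select_equal(self, value):
        key = self._cmp_key(value)
        return [r for r in self.rows if self._cmp_key(r) == key]

    def insert(self, value):
        # Non-strict mode: over-long data is truncated with a warning, not an error
        self.rows.append(value[:COLUMN_LEN])


def register_naive(table, username):
    """Vulnerable pattern: uniqueness is checked on the raw input, which is
    not the value that will actually end up in the column."""
    if table.select_equal(username):
        return False
    table.insert(username)
    return True


def register_hardened(table, username):
    """Hardened pattern: reject anything the column cannot hold verbatim, reject
    surrounding whitespace instead of silently altering it, and check uniqueness
    on exactly the value that will be stored."""
    if username != username.strip():
        return False                       # leading/trailing whitespace: refuse
    if not username or len(username) > COLUMN_LEN:
        return False                       # empty or would be truncated: refuse
    if table.select_equal(username):
        return False                       # already taken (PAD SPACE-aware)
    table.insert(username)
    return True


def demo():
    """Constructed scenario: an 'admin' row exists; a registration request
    arrives for the same name padded past the column width."""
    padded = "admin" + " " * 20 + "x"

    t1 = NonStrictVarcharTable()
    t1.insert("admin")
    naive_ok = register_naive(t1, padded)       # True: lookup misses, insert truncates
    collisions = len(t1.select_equal("admin"))  # 2: both rows now compare equal to 'admin'

    t2 = NonStrictVarcharTable()
    t2.insert("admin")
    hardened_ok = register_hardened(t2, padded)  # False: rejected before any INSERT
    return naive_ok, collisions, hardened_ok


if __name__ == "__main__":
    print(demo())
```

Two notes on the design: the database-side mitigation is enabling a strict `sql_mode` (`STRICT_TRANS_TABLES` or `STRICT_ALL_TABLES`), which turns the truncation of non-space characters into an error instead of a warning, but VARCHAR trailing spaces beyond the column width are still dropped with only a warning, so the application-side length and whitespace validation in `register_hardened` is needed in any case. Checking uniqueness on the exact value that will be stored, rather than on the raw request parameter, is the property that matters.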

Besides the behaviours used in this vulnerability, MySQL has many similar issues caused by type conversion, such as the well-known "equals 0 matches everything" property.

So IPB is just the low-hanging fruit; keep digging along these lines and you can find more problems of the same kind. Security researchers often study the quirks of a system in more depth than its developers and users do. Apply that advantage flexibly and the view opens up considerably.

Update: it turns out that Stefan Esser, the idol of all of us PHP security researchers, had already reported similar vulnerabilities based on the same behaviour back in 2008: