Topic: Custom Field: SQL Injection

1) Create new custom text area field "sqlinject", tied to asset, enabled
2) ensure magic_quotes_gpc is turned off per http://www.tracmor.com/forum/topic/119/ … es-needed/ (restart if needed)
3) add new asset, use as input for sqlinject custom field {I'd not type something like; drop table assets ; in this field} (sans curlies)
4) note error
5) rejoice

... unless I was updating said field.

Tracmor 0.2.0; Ubuntu Intrepid / standard apache2/php w/ php mem increased + magic_quotes_gpc off
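An added example, not code from Tracmor or from the poster, showing why the text in step 3 produces a SQL error when a field value is concatenated into the statement, and how bound parameters store the same text verbatim on both insert and update. It uses Python's sqlite3 in place of Tracmor's PHP/MySQL stack; the schema and function names are hypothetical.

```python
import sqlite3

# Constructed sample: the text from step 3 of the report. The apostrophe in
# "I'd" is what ends the string literal early in a concatenated query.
FIELD_VALUE = "I'd not type something like; drop table assets ; in this field"


def make_db():
    """In-memory stand-in for asset and custom-field storage (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE assets (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE custom_values (asset_id INTEGER, field TEXT, value TEXT)")
    db.execute("INSERT INTO assets (id, name) VALUES (1, 'laptop')")
    return db


def save_concatenated(db, asset_id, value):
    """Unsafe pattern: the field value becomes part of the SQL text."""
    sql = ("INSERT INTO custom_values (asset_id, field, value) "
           "VALUES (%d, 'sqlinject', '%s')" % (asset_id, value))
    try:
        db.execute(sql)
        return "stored"
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return "error: %s" % exc  # the error noted in step 4


def save_bound(db, asset_id, value):
    """Safe pattern: the value is passed as data, never parsed as SQL."""
    db.execute("INSERT INTO custom_values (asset_id, field, value) "
               "VALUES (?, 'sqlinject', ?)", (asset_id, value))
    return "stored"


def update_bound(db, asset_id, value):
    """Same rule for the update path: bind the new value. Returns rows changed."""
    cur = db.execute("UPDATE custom_values SET value = ? "
                     "WHERE asset_id = ? AND field = 'sqlinject'", (value, asset_id))
    return cur.rowcount


def stored_values(db):
    """Return every stored custom-field value, in insertion order."""
    return [row[0] for row in db.execute("SELECT value FROM custom_values ORDER BY rowid")]
```
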

Re: Custom Field: SQL Injection

Thanks for reporting this.  We are looking into it now.

Justin Sinclair

Got Inventory?  Get Tracmor.