Debian: 2030-1: mahara: sql injection


 
04-06-2010

LinuxSecurity.com: It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names.
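The bug class described above, as an added example that is not Mahara's code and not part of the advisory: a unique-username generator whose existence check either concatenates the remote name into the SQL text or binds it as a parameter. It is written in Python with sqlite3 so it runs offline; the `usr` table, the function names and the sample names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample account table (not Mahara's real schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE usr (id INTEGER PRIMARY KEY, username TEXT UNIQUE)")
    db.executemany("INSERT INTO usr (username) VALUES (?)",
                   [("alice",), ("alice1",)])
    return db

def exists_concat(db, name):
    """'Before' pattern: the remote name is pasted into the SQL text."""
    sql = "SELECT 1 FROM usr WHERE username = '" + name + "'"
    return db.execute(sql).fetchone() is not None

def exists_bound(db, name):
    """Hardened pattern: the name is passed as a bound parameter."""
    row = db.execute("SELECT 1 FROM usr WHERE username = ?", (name,)).fetchone()
    return row is not None

def unique_username(db, remote_name, exists=exists_bound):
    """Append a counter until the candidate is not already taken."""
    candidate, n = remote_name, 0
    while exists(db, candidate):
        n += 1
        candidate = f"{remote_name}{n}"
    return candidate

def concat_changes_statement(db, remote_name):
    """True if the concatenated query fails to parse because the name
    altered its syntax instead of being treated as data."""
    try:
        unique_username(db, remote_name, exists=exists_concat)
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "o'brien"):   # constructed SSO user names
        print(name, "->", unique_username(db, name),
              "| concat breaks:", concat_changes_statement(db, name))
```

A name containing a single apostrophe is enough to show that the concatenated form lets identity-provider data reach the SQL parser, while the bound form stores and compares it as an ordinary string.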

rsh(1c) 																   rsh(1c)

Name
       rsh - remote shell

Syntax
       rsh host [-l username] [-n] command
       host [-l username] [-n] command

Description
       The  command  connects to the specified host, and executes the specified command.  The command copies its standard input to the remote com-
       mand, the standard output of the remote command to its standard output, and the standard error of the remote command to its standard error.
       Interrupt, quit and terminate signals are propagated to the remote command.  The command normally terminates when the remote command does.

       The  remote  username  used is the same as your local username, unless you specify a different remote name with the -l option.  This remote
       name must be equivalent, in the sense of to the originating account.  No provision is made for specifying a password with a command.

       If you omit command, then instead of executing a single command, you are logged in on the remote host using

       Shell metacharacters which are not quoted are interpreted on local machine, while quoted  metacharacters  are  interpreted  on  the  remote
       machine.  Thus the command

	  rsh otherhost cat remotefile >> localfile

       appends the remote file remotefile to the localfile localfile, while

	  rsh otherhost cat remotefile ">>" otherremotefile

       appends remotefile to otherremotefile.

       Host  names are given in the file Each host has one standard name (the first name given in the file), which is rather long and unambiguous,
       and optionally one or more nicknames.  The host names for local machines are also commands in the directory If you put  this  directory	in
       your search path then the can be omitted.

Options
       -l username	   Logs you in as the specified user, not as your user login name.

       -n		   Redirects all command input to

Restrictions
       The  command  is  confused by output generated by commands in a .cshrc file on the remote host.	In particular, `where are you?' and `stty:
       Can't assign requested address' are messages which can result if output is generated by the startup file.

       If you are using and put a in the background without redirecting its input away from the terminal, it blocks even if no reads are posted by
       the remote command.  If no input is desired you should redirect the input of to using the -n option.

       You cannot run an interactive command like Use

       Stop signals stop the local process only.

Files
       /etc/hosts
       /usr/hosts/*

See Also
       rlogin(1c)

																	   rsh(1c)