Bug #42272: http://forge.mysql.com bug
Submitted: 22 Jan 2009 16:36
Modified: 23 Jan 2009 17:31
Reporter: Wow Wooh
Status: Closed
Impact on me: None
Category: MySQL Websites: MySQLForge
Severity: S1 (Critical)
Version:
OS: Any
Assigned to:
CPU Architecture: Any
Tags: sql injection

[22 Jan 2009 16:36] Wow Wooh
Description:
Hi! I want to report a bug to you on http://forge.mysql.com. You have a bug in the search module - SQL injection ;) Bad hackers can use this bug. For example
http://forge.mysql.com/tools/search.php?sortby=(added_on*if(substring((select+version()+fr...
We get a false answer (we don't see "Connect to a MySQL Server" on the page), because the first symbol in the version of your database is not 4. But if we send this query http://forge.mysql.com/tools/search.php?sortby=(added_on*if(substring((select+version()+fr...
we will get a true answer and see "Connect to a MySQL Server" on this page :) Thereby we can get security information from your database. Fix it, please. Also you have one little bug: folders with private information are open for everybody to read, like http://forge.mysql.com/sql/ and http://forge.mysql.com/opt/
Fix it. Good bye and have a nice day! =)

How to repeat:
123
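The report above describes a blind, boolean-based injection through a `sortby` request parameter: whatever the client sends is spliced into the ORDER BY clause, so an arbitrary SQL expression (rather than a column name) controls the row order, and the presence or absence of a known row on the page leaks one bit per request. The following is an added example, not the Forge site's code or anything from this report; it uses an in-memory SQLite table with constructed rows (the `tools` table, its `name` and `added_on` columns and the sample values are all assumptions) to contrast the vulnerable pattern with the usual fix, which is an allowlist of sortable columns and directions, since an ORDER BY target cannot be passed as a bound parameter.

```python
import sqlite3

# Constructed sample rows standing in for the Forge "tools" listing (assumption).
SAMPLE_TOOLS = [
    ("Connect to a MySQL Server", "2008-11-03"),
    ("Query profiler", "2008-12-19"),
    ("Backup helper", "2009-01-10"),
]

# The only identifiers that may ever reach ORDER BY (assumed column names).
ALLOWED_SORT_COLUMNS = {"name", "added_on"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def open_sample_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tools (name TEXT, added_on TEXT)")
    conn.executemany("INSERT INTO tools VALUES (?, ?)", SAMPLE_TOOLS)
    return conn


def search_unsafe(conn, sortby):
    """Vulnerable pattern: the request parameter is concatenated into ORDER BY verbatim.
    Any SQL expression the client supplies is evaluated by the database, which is
    exactly the channel the report above abuses."""
    sql = "SELECT name FROM tools ORDER BY " + sortby
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, sortby, direction="ASC"):
    """Hardened pattern: map the parameter onto an allowlist of column names and
    directions; anything else is rejected before a query string is built."""
    if sortby not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sortby!r}")
    direction = direction.upper()
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError(f"unsupported sort direction: {direction!r}")
    # Only allowlisted identifiers are interpolated here, never raw client input.
    sql = f"SELECT name FROM tools ORDER BY {sortby} {direction}"
    return [row[0] for row in conn.execute(sql)]


def is_rejected(conn, sortby):
    """True if the hardened search refuses the given sortby value."""
    try:
        search_safe(conn, sortby)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = open_sample_db()
    # A SQL expression instead of a column name: the unsafe version happily runs it.
    print("unsafe:", search_unsafe(db, "length(name) ASC"))
    # The hardened version refuses anything outside the allowlist.
    print("rejected by safe version:", is_rejected(db, "length(name) ASC"))
    print("safe:", search_safe(db, "added_on", "desc"))
```

The design point is that escaping does not apply to identifiers and expressions, so the fix is not a quoting function but a closed mapping from request values to known column names; a rejected value is also a useful thing to log, since a legitimate client never sends a sort key outside the set the application itself offers.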
[23 Jan 2009 17:31] Dups Wijay
Thank you for your bug report. This issue has already been fixed.