Bug 477734 - [SECURITY] Xss + SQL INJECTION

THIS IS NOT A FIX, SOME BREAKAGE IS EXPECTED.

Given the severity of this bug, we added an exit() at the top of this
file to stop it from being executed on our servers. The owner(s) of this
website should review every request to MYSQL, $_POST and $_GET variables
AS SOON AS POSSIBLE.

There are more scripts in this repo that are vulnerable but that I did not
modify because they are protected with the internalUseOnly() function.
I kept these files as-is to avoid breakage to your build but this is
still very dangerous, someone needs to review this code as soon as
possible.

SQL injection is a code injection technique, used to attack data-driven
applications, in which malicious SQL statements are inserted into an
entry field for execution (e.g. to dump the database contents to the
attacker).

Cross-Site Scripting (XSS) vulnerabilities are a type of computer
security vulnerability typically found in Web applications. XSS
vulnerabilities enable attackers to inject client-side script into Web
pages viewed by other users.

Signed-off-by: Christopher Guindon <chris.guindon@eclipse.org>
5 files changed