[This was originally published on OSVDB, now gone, and touched up for style. VulnDB 12143. Discovered while trying to install the script to verify a researcher’s findings.]
SecretSanta.php
Using a ' in the account name, full name or group name generates the following error, which discloses the full install path:
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /export/home/httpd/html/wesmo.com/secretsanta/secret_santa/lib/groups.php on line 12
After using names/words without that character, I still get this when I try to create an account:
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /export/home/httpd/html/wesmo.com/secretsanta/secret_santa/lib/groups.php on line 12
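A way to check your own application's responses for this kind of path disclosure, as an added example that is not part of the original advisory or the script: it parses PHP diagnostics of the form shown above, including the line-wrapped and HTML-formatted variants. The function names and the second sample (with its path) are constructed for illustration.

```python
import html
import re

# PHP diagnostics follow "<Level>: <message> in <file> on line <n>".
PHP_DIAG = re.compile(
    r"(?P<level>Warning|Notice|Fatal error|Parse error|Deprecated):\s+"
    r"(?P<message>.+?)\s+in\s+(?P<path>(?:/|[A-Za-z]:\\)\S+)"
    r"\s+on\s+line\s+(?P<line>\d+)"
)

# The warning as it appears wrapped in the advisory text.
WRAPPED_SAMPLE = (
    "Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result\n"
    "resource in /export/home/httpd/html/wesmo.com/\n"
    "secretsanta/secret_santa/lib/groups.php on line 12"
)

# Constructed sample: the same warning as PHP renders it with html_errors on.
HTML_SAMPLE = (
    "<br />\n<b>Warning</b>:  mysql_fetch_row(): supplied argument is not a "
    "valid MySQL result resource in <b>/var/www/example/lib/groups.php</b> "
    "on line <b>12</b><br />"
)


def normalize(body):
    """Strip HTML tags, decode entities and undo line wrapping."""
    text = html.unescape(re.sub(r"<[^>]+>", "", body))
    # A path wrapped right after a directory separator is rejoined without a space.
    text = re.sub(r"/\s*\n\s*", "/", text)
    return re.sub(r"\s+", " ", text)


def find_path_disclosures(body):
    """Return one dict per PHP diagnostic that exposes an absolute path."""
    return [
        {"level": m["level"], "message": m["message"],
         "path": m["path"], "line": int(m["line"])}
        for m in PHP_DIAG.finditer(normalize(body))
    ]


if __name__ == "__main__":
    for sample in (WRAPPED_SAMPLE, HTML_SAMPLE):
        for hit in find_path_disclosures(sample):
            print(f'{hit["level"]}: {hit["path"]} (line {hit["line"]})')
```

Any hit in a production response means display_errors is on; setting `display_errors = Off` and `log_errors = On` in php.ini keeps the diagnostic in the server log instead of the page.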