I have discovered an SQL injection flaw in L-Forum which has a recent record (upload spoofing/XSS by Ulf) of security bugs. The problem this time is search.php. It doesn't properly escape the SQL data passed in by the user in the search member. I have provided a SourceForge patch for this vulnerability. I have shown URLs that exploit this: Postgres: http://localhost/search.php?search=a%27%20order%20by%20time%20desc%3b%20[que ry] MySQL: http://localhost/search.php?search=a%25%27%20order%20by%20time%20desc%3b%20[ query] I've patched this on SourceForge: http://sourceforge.net/tracker/download.php?group_id=53716&atid=471341&file_ id=29026&aid=594867 "The reason the mainstream is thought of as a stream is because it is so shallow." - Author Unknown
