ZDoom

Do I understand the linked page correctly that this is the mostly non-functioning word substitution thing Graf was talking about which often makes forum search such a major pain in the ass?

After my testing I conclude it doesn't seem to be a real vulnerability, although to be really sure an actual infosec professional should be asked. It appears that user input at the point of crash is used as https://www.postgresql.org/docs/current/datatype-textsearch.html#DATATYPE-TSQUERY rather than a plain string that could cause harm.

PhpBB's search is totally broken anyway with its non-configurable word substitution and rejection of short words. I'm not really surprised that it chokes on some input.

Just searching for "(test", sans quotes, causes an error.

What kind of invalid characters are you trying to use?

DROP TABLE anyone?

Shouldn't database input sanitation be a bit more widespread?

[img]https://imgs.xkcd.com/comics/exploits_of_a_mom.png[/img]

You can always count on XKCD.


Also, quoting strings with single quotes is atrocious. Just hold SHIFT already, it's not that hard.

Is that a SQL injection attack possibility I wonder?

[img]https://i.imgur.com/jGeE9pa.png[/img]

I don't know what more info I could give.