Page 1 of 1

Invalid characters crash search

Posted: Mon Sep 18, 2017 8:13 am
by Accensus
Image

I don't know what more info I could give.

Re: Invalid characters crash search

Posted: Tue Feb 28, 2023 1:25 am
by ZzZombo
Is that a SQL injection attack possibility I wonder?

Re: Invalid characters crash search

Posted: Tue Feb 28, 2023 5:27 am
by yum13241
DROP TABLE anyone?

Shouldn't database input sanitation be a bit more widespread?

Image

You can always count on XKCD.


Also, quoting strings with single quotes is atrocious. Just hold SHIFT already, it's not that hard.

Re: Invalid characters crash search

Posted: Tue Feb 28, 2023 8:21 am
by wildweasel
What kind of invalid characters are you trying to use?

Re: Invalid characters crash search

Posted: Tue Feb 28, 2023 2:22 pm
by Xeotroid
Just searching for "(test", sans quotes, causes an error.

Re: Invalid characters crash search

Posted: Tue Feb 28, 2023 4:40 pm
by Graf Zahl
PhpBB's search is totally broken anyway with its non-configurable word substitution and rejection of short words. I'm not really surprised that it chokes on some input.

Re: Invalid characters crash search

Posted: Tue Feb 28, 2023 8:32 pm
by ZzZombo
After my testing I conclude it doesn't seem to be a real vulnerability, although to be really sure an actual infosec professional should be asked. It appears that user input at the point of crash is used as https://www.postgresql.org/docs/current ... PE-TSQUERY rather than a plain string that could cause harm.

Re: Invalid characters crash search

Posted: Wed Mar 01, 2023 12:57 am
by Professor Hastig
Do I understand the linked page correctly that this is the mostly non-functioning word substitution thing Graf was talking about which often makes forum search such a major pain in the ass?