Invalid characters crash search

Accensus · Post by **Accensus** » Mon Sep 18, 2017 8:13 am

I don't know what more info I could give.

ZzZombo · Post by **ZzZombo** » Tue Feb 28, 2023 1:25 am

Is that a SQL injection attack possibility I wonder?

yum13241 · Post by **yum13241** » Tue Feb 28, 2023 5:27 am

DROP TABLE anyone?

Shouldn't database input sanitation be a bit more widespread?

You can always count on XKCD.

Also, quoting strings with single quotes is atrocious. Just hold SHIFT already, it's not that hard.

wildweasel · Post by **wildweasel** » Tue Feb 28, 2023 8:21 am

What kind of invalid characters are you trying to use?

Xeotroid · Post by **Xeotroid** » Tue Feb 28, 2023 2:22 pm

Just searching for "(test", sans quotes, causes an error.

Post by **Graf Zahl** » Tue Feb 28, 2023 4:40 pm

PhpBB's search is totally broken anyway with its non-configurable word substitution and rejection of short words. I'm not really surprised that it chokes on some input.

ZzZombo · Post by **ZzZombo** » Tue Feb 28, 2023 8:32 pm

After my testing I conclude it doesn't seem to be a real vulnerability, although to be really sure an actual infosec professional should be asked. It appears that user input at the point of crash is used as https://www.postgresql.org/docs/current ... PE-TSQUERY rather than a plain string that could cause harm.

Professor Hastig · Post by **Professor Hastig** » Wed Mar 01, 2023 12:57 am

Do I understand the linked page correctly that this is the mostly non-functioning word substitution thing Graf was talking about which often makes forum search such a major pain in the ass?

ZDoom

Invalid characters crash search

Invalid characters crash search

Re: Invalid characters crash search

Re: Invalid characters crash search

Re: Invalid characters crash search

Re: Invalid characters crash search

Re: Invalid characters crash search

Re: Invalid characters crash search

Re: Invalid characters crash search