Invalid characters crash search
Moderator: GZDoom Developers
-
- Posts: 2383
- Joined: Thu Feb 11, 2016 9:59 am
Invalid characters crash search
I don't know what more info I could give.
-
- Posts: 317
- Joined: Mon Jul 16, 2012 2:02 am
Re: Invalid characters crash search
Is that a SQL injection attack possibility I wonder?
-
- Posts: 853
- Joined: Mon May 10, 2021 8:08 pm
- Preferred Pronouns: He/Him
- Operating System Version (Optional): EndeavorOS (basically Arch)
- Graphics Processor: Intel with Vulkan/Metal Support
Re: Invalid characters crash search
DROP TABLE anyone?
Shouldn't database input sanitation be a bit more widespread?
You can always count on XKCD.
Also, quoting strings with single quotes is atrocious. Just hold SHIFT already, it's not that hard.
Shouldn't database input sanitation be a bit more widespread?
You can always count on XKCD.
Also, quoting strings with single quotes is atrocious. Just hold SHIFT already, it's not that hard.
-
- Posts: 21706
- Joined: Tue Jul 15, 2003 7:33 pm
- Preferred Pronouns: He/Him
- Operating System Version (Optional): A lot of them
- Graphics Processor: Not Listed
Re: Invalid characters crash search
What kind of invalid characters are you trying to use?
-
- Posts: 442
- Joined: Sat Jun 23, 2012 7:44 am
- Graphics Processor: nVidia with Vulkan support
- Location: Czech Rep.
Re: Invalid characters crash search
Just searching for "(test", sans quotes, causes an error.
-
- Lead GZDoom+Raze Developer
- Posts: 49142
- Joined: Sat Jul 19, 2003 10:19 am
- Location: Germany
Re: Invalid characters crash search
PhpBB's search is totally broken anyway with its non-configurable word substitution and rejection of short words. I'm not really surprised that it chokes on some input.
-
- Posts: 317
- Joined: Mon Jul 16, 2012 2:02 am
Re: Invalid characters crash search
After my testing I conclude it doesn't seem to be a real vulnerability, although to be really sure an actual infosec professional should be asked. It appears that user input at the point of crash is used as https://www.postgresql.org/docs/current ... PE-TSQUERY rather than a plain string that could cause harm.
-
- Posts: 248
- Joined: Mon Jan 09, 2023 2:02 am
- Graphics Processor: nVidia (Modern GZDoom)
Re: Invalid characters crash search
Do I understand the linked page correctly that this is the mostly non-functioning word substitution thing Graf was talking about which often makes forum search such a major pain in the ass?