CVE-2005-4144 Information

Description

Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
http://metasploit.com/research/vulns/lyris_listmanager/
http://secunia.com/advisories/17943
http://www.osvdb.org/21549
http://www.securityfocus.com/archive/1/419077/100/0/threaded
http://www.securityfocus.com/bid/15787
http://www.vupen.com/english/advisories/2005/2820
