https://www.exploit-db.com/exploits/21365
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200207-030

PHPGroupware是一款免费开放源代码的群件系统，由PHPGroupware项目组开发维护并通过PHP语言实现。PHPGroupware在登陆(login)字段中没有正确处理用户输入数据，导致远程攻击者可以在服务器上执行任意SQL命令。问题存在于登陆(login)字段没有对用户输入进行充分检查，攻击者可以在此字段输入中嵌入SQL命令，通过使用特殊字符(‘)，导致通过登陆(login)字段传递SQL命令并在系统上执行。另外，此问题可以导致攻击者利用已存在的数据库进行攻击。

source: http://www.securityfocus.com/bid/4424/info

PHPGroupWare is a freely available, open source groupware system written in PHP. It is distributed and maintained by the PHPGroupWare project.

Debian packages of PHPGroupWare ship with an insecure default configuration. The PHP magic_quotes_gpc directive of the PHPGroupWare apache.conf file is disabled by default in Debian packages. This may enable remote attackers to make SQL injection attacks via PHPGroupWare.

Under normal circumstances, PHPGroupWare installs with the PHP magic_quotes_gpc directive enabled, to restrict the possibility of SQL injection attacks.

Additionally, this issue may also enable an attacker to exploit vulnerabilities that may exist in the underlying database. 

fubar'; CREATE TABLE thistableshouldnotexist (a int); --

来源:BID
名称:4424
链接:http://www.securityfocus.com/bid/4424
来源:XF
名称:phpgroupware-sql-injection(8755)
链接:http://www.iss.net/security_center/static/8755.php
来源:BUGTRAQ
名称:20020403SQLinjectioninPHPGroupware
链接:http://archives.neohapsis.com/archives/bugtraq/2002-04/0036.html
来源:OSVDB
名称:5153
链接:http://www.osvdb.org/5153
来源:BUGTRAQ
名称:20020411Re:SQLinjectioninPHPGroupware
链接:http://archives.neohapsis.com/archives/bugtraq/2002-04/0143.html