Authenticated SQL Injection in show_groups_popup.php #1215

Open
prodigysml opened this issue Jul 23, 2018 · 11 comments
Labels
Web Security White Hat Reports, Cross Site SQL Injection, etc

Comments

@prodigysml

The Issue

SQL Injections are vulnerabilities in which the developer overly trusts user-controlled input. This allows an attacker to perform malicious queries upon the database, which can lead to compromise of all data within the database and call the integrity of the data into question.

An attacker must be authenticated to perform this attack.

Where the Issue Occurred

The following code snippet shows the SQL query being created with a tainted variable:

$res = sqlStatement("SELECT distinct(group_name) FROM layout_options WHERE " .
"form_id = '".$_GET['layout_id']."' ORDER BY group_name");

The following code snippet shows the above-mentioned SQL query being executed:

while ($row = sqlFetchArray($res)) {

@teryhill
Contributor

SQL binding is needed there.
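
The difference between the reported concatenated query and a bound one, shown as an added example that is not part of this thread or of the project's code. It assumes PDO with an in-memory SQLite database as a stand-in for the project's database layer; the function names `groupsConcatenated` and `groupsBound` are hypothetical, and the table rows and inputs are constructed.

```php
<?php
// Constructed sample data: an in-memory SQLite table standing in for layout_options.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE layout_options (form_id TEXT, group_name TEXT)");
$pdo->exec("INSERT INTO layout_options VALUES
    ('DEM', '1Who'), ('DEM', '2Contact'), ('HIS', '1General')");

// Pattern from the report: the request value becomes part of the SQL text,
// so quote characters in it change the structure of the WHERE clause.
function groupsConcatenated(PDO $pdo, string $layoutId): array
{
    $sql = "SELECT distinct(group_name) FROM layout_options WHERE " .
           "form_id = '" . $layoutId . "' ORDER BY group_name";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound form: the SQL text is fixed and the value travels separately as a
// parameter, so it is only ever compared against form_id as data.
function groupsBound(PDO $pdo, string $layoutId): array
{
    $stmt = $pdo->prepare(
        "SELECT distinct(group_name) FROM layout_options WHERE " .
        "form_id = ? ORDER BY group_name"
    );
    $stmt->execute([$layoutId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal layout id, and one containing quote characters.
$inputs = ["DEM", "DEM' OR '1'='1"];
foreach ($inputs as $in) {
    printf(
        "input: %s\n  concatenated: %s\n  bound:        %s\n",
        $in,
        json_encode(groupsConcatenated($pdo, $in)),
        json_encode(groupsBound($pdo, $in))
    );
}
```

For the second input, the concatenated query returns group names belonging to other `form_id` values, while the bound query returns no rows because no `form_id` equals that literal string.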

@tmccormi tmccormi added the Web Security White Hat Reports, Cross Site SQL Injection, etc label Sep 5, 2018
@prondubuisi
Contributor

Hello @tmccormi can I work on this Issue?

@tmccormi

tmccormi commented Nov 7, 2018 via email

@aethelwulffe
Contributor

@prondubuisi Shall I send you a project invitation so I can assign you to this?

@prondubuisi
Contributor

Yes @aethelwulffe

@aethelwulffe
Contributor

@prondubuisi I have added you as a read-collaborator. Pick up your invite. @teryhill look at all our permissions. I amped up write access for a couple more of our collaborators that have been contributing for over a year, and have been helping with review or other tasks outside of a GSOC type program setting.

prondubuisi added a commit to prondubuisi/lh-ehr that referenced this issue Jan 26, 2019
aethelwulffe pushed a commit that referenced this issue Jan 26, 2019
layout editor needed query security.
@NicoleG25

NicoleG25 commented Jan 8, 2020

Hi :)
Note that it appears CVE-2018-1000650 was assigned to this issue.
I'm assuming this was fixed in 5faa99e ?

@prondubuisi
Contributor

Hello @NicoleG25, this is fixed already. Looks like you are interested in security; I would be very happy to have a chat. What is this CVE-2018-1000650 all about?

@prondubuisi
Contributor

@muarachmann can we close this?

@NicoleG25

> Hello @NicoleG25, this is fixed already. Looks like you are interested in security; I would be very happy to have a chat. What is this CVE-2018-1000650 all about?

Gladly, I'll email you privately :)
Cheers!

@prondubuisi
Contributor

Hello @muarachmann can this issue be closed since it is fixed already? I am looking at picking up more security related issues in the coming days!


6 participants