Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix sql injection in sql-admin-manager plugin #1423

Merged
merged 1 commit into from
Feb 2, 2021

Conversation

peace-maker
Copy link
Member

This bug was found as part of justCTF 2020 in the PainterHell challenge by cypis. Thank you!

Admins with the root flag could inject their own queries towards the admin database connection.

The sql-admin-manager plugin is disabled by default.

This bug was found as part of justCTF 2020 in the PainterHell challenge by cypis. Thank you!

Admins with the root flag could inject their own queries towards the admin database connection.

The sql-admin-manager plugin is disabled by default.
@peace-maker peace-maker merged commit 91a1fd0 into alliedmodders:master Feb 2, 2021
@peace-maker peace-maker deleted the admin-manager-sqli branch February 2, 2021 10:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants