Moved sql where line to be included in count #1130

merged 1 commit into librenms:master on May 26, 2015



laf commented May 25, 2015

Fixes #1129

@laf laf added the Bug label May 25, 2015

I think we've got a bigger problem with this file, which is an SQL injection vulnerability on line 12. Try searching for "'); drop table devices; --" (without the double quotes), on an unimportant system and you'll see what I mean. ;-)

laf commented May 26, 2015

Have you tested this or just read that page's code and assumed that it's not escaped?

$searchPhrase is run through mres() in html/ajax_table.php

'); drop table test; --


mysql> select * from test;
Empty set (0.00 sec)

My assumption was based on reading the code only.

I still get nervous when I see variables inserted like that instead of parameterised, but if there's no way to hit that code without the variables being sanitised, I'm happy. :-)
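An added example, not code from LibreNMS or this PR: it contrasts the escape-then-interpolate pattern laf describes (with a hypothetical `mres` stand-in written for SQLite's quoting rather than MySQL's) against a bound parameter, using the search phrase from the thread, and also shows the LIKE-wildcard caveat that escaping quotes alone does not cover.

```python
import sqlite3

# Constructed sample data (not LibreNMS data): a minimal "devices" table.
DEVICES = [("core-sw1", "Cisco"), ("edge-fw1", "Juniper"), ("test_host", "Linux")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (hostname TEXT, os TEXT)")
    conn.executemany("INSERT INTO devices VALUES (?, ?)", DEVICES)
    return conn

def mres(value):
    """Hypothetical stand-in for LibreNMS's mres(): escapes backslashes and
    quotes (SQLite doubles the quote; MySQL's helper would backslash it)."""
    return value.replace("\\", "\\\\").replace("'", "''")

def search_escaped(conn, phrase):
    # Escape, then interpolate: the quote cannot break out of the literal,
    # but LIKE wildcards in the phrase still reach the engine unchanged.
    sql = "SELECT hostname FROM devices WHERE hostname LIKE '%" + mres(phrase) + "%'"
    return [r[0] for r in conn.execute(sql)]

def search_parameterised(conn, phrase):
    # Bound parameter: the phrase is data and is never parsed as SQL.
    sql = "SELECT hostname FROM devices WHERE hostname LIKE ?"
    return [r[0] for r in conn.execute(sql, ("%" + phrase + "%",))]

def search_parameterised_literal(conn, phrase):
    # Additionally neutralise '%' and '_' so user input matches literally.
    escaped = phrase.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT hostname FROM devices WHERE hostname LIKE ? ESCAPE '\\'"
    return [r[0] for r in conn.execute(sql, ("%" + escaped + "%",))]

def demo():
    conn = make_db()
    payload = "'); drop table test; --"   # the phrase quoted in the thread
    return {
        "escaped": search_escaped(conn, payload),            # []
        "parameterised": search_parameterised(conn, payload),  # []
        "normal": search_parameterised(conn, "fw"),          # ['edge-fw1']
        "wildcard_leak": search_parameterised(conn, "core_sw"),          # '_' matches '-'
        "wildcard_literal": search_parameterised_literal(conn, "core_sw"),  # []
        "rows_left": conn.execute("SELECT COUNT(*) FROM devices").fetchone()[0],
    }
```

Both the escaped and the bound form return no rows for the phrase and leave the table intact; only the third variant stops an underscore in the search from acting as a wildcard.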


@paulgear paulgear merged commit bd46c09 into librenms:master May 26, 2015
