[CKAN-Security] SQLi
Leonardo
leonardo.porpora at firewake.org
Mon May 14 17:15:35 UTC 2018
Hi there!
I'm going to report a SQLi; to find this SQLi I passed through an XSS (CWE-79).
At first you have datastore_root_url, which brings you to "CKAN Data API" and shows some examples of queries that you can do.
Modifying the query with a simple SELECT on datastore_search_sql (sql parameter), you get the SQLi.
Hope that this data can help you fix this critical vulnerability.
Let me know ASAP
This is a PoC: http://www.data.gov.my/data/ms_MY/api/action/datastore_search_sql?sql=SELECT%20*%20from%20%221816aeef-2807-4f19-80b7-63620f90f67c%22
Thanks,
Leonardo Porpora