[CKAN-Security] SQLi

Leonardo leonardo.porpora at firewake.org
Mon May 14 17:15:35 UTC 2018


Hi there!

I'm going to report a SQLi. To find this SQLi I passed through an XSS (CWE-79).

At first you have datastore_root_url, which brings you to "CKAN Data API" and shows some examples of queries that you can do.

Modifying the query with a simple SELECT on datastore_search_sql (sql parameter), you get the SQLi.

Hope that this data can help you fix this critical vulnerability.

Let me know ASAP

This is a PoC: http://www.data.gov.my/data/ms_MY/api/action/datastore_search_sql?sql=SELECT%20*%20from%20%221816aeef-2807-4f19-80b7-63620f90f67c%22

Thanks,

Leonardo Porpora