ZABBIX FEATURE REQUESTS
ZBXNEXT-4633

SQL injections issues in the case of using Oracle database


    • Type: Change Request
    • Resolution: Unresolved
    • Priority: Major

      It's insecure to use Zabbix with an Oracle database because of the SQL injection issues caused by the improper data-encoding function listed below:

      ./include/db.inc.php:

          case ZBX_DB_ORACLE:
              // Oracle branch: wrap the value in single quotes and double any
              // embedded single quote; no other character is altered.
              if (is_array($var)) {
                  foreach ($var as $vnum => $value) {
                      $var[$vnum] = "'".preg_replace('/\'/', '\'\'', $value)."'";
                  }
                  return $var;
              }
              return "'".preg_replace('/\'/', '\'\'', $var)."'";
      

      In the case of the string \' it's possible to bypass the escaping function and 

      Please find a PoC code below:

      <?php
      $var = chr(92).chr(39);                          // backslash followed by a single quote: \'
      $q = "'".preg_replace('/\'/', '\'\'', $var)."'"; // same quoting as the Oracle branch above
      echo $q;                                         // prints the line below

      '\'''
      
      where the string \'' is unquoted
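Added here as a triage check, not part of the report or of Zabbix's code: a Python port of the quoting branch above, plus a scanner that reads the quoted result back under two literal grammars, Oracle's (a doubled quote is the only escape; a backslash is an ordinary character) and a backslash-escaping grammar (the reading behind the PoC), and reports whether the value is read back as exactly one literal. It takes any input value, not only the PoC string.

```python
import re
from typing import Optional, Tuple

def oracle_quote(var: str) -> str:
    """Port of the ZBX_DB_ORACLE branch quoted in the report: wrap in single
    quotes and double every embedded single quote, nothing else."""
    return "'" + re.sub(r"'", "''", var) + "'"

def scan_literal(sql: str, backslash_escapes: bool) -> Tuple[Optional[str], str]:
    """Decode the text literal at the start of `sql` and return
    (decoded_value, text_left_after_the_literal); decoded_value is None
    when the literal is never closed.
    backslash_escapes=False: Oracle text-literal rules, where the only escape
    is a doubled quote and a backslash is an ordinary character.
    backslash_escapes=True: dialects where a backslash also escapes the next
    character (the reading behind the report's PoC)."""
    if not sql.startswith("'"):
        raise ValueError("expected a quoted literal")
    i, out = 1, []
    while i < len(sql):
        c = sql[i]
        if backslash_escapes and c == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])
            i += 2
        elif c == "'":
            if sql[i + 1:i + 2] == "'":      # doubled quote -> one quote
                out.append("'")
                i += 2
            else:                            # closing quote
                return "".join(out), sql[i + 1:]
        else:
            out.append(c)
            i += 1
    return None, ""                          # literal left open

def check_quoting(value: str, backslash_escapes: bool) -> dict:
    """Quote `value` as the Zabbix branch does and report whether it is read
    back as exactly one literal under the chosen grammar."""
    quoted = oracle_quote(value)
    decoded, rest = scan_literal(quoted, backslash_escapes)
    return {"quoted": quoted, "decoded": decoded, "trailing": rest,
            "intact": decoded == value and rest == ""}

if __name__ == "__main__":
    poc = chr(92) + chr(39)                  # the report's PoC input: \'
    for label, v in (("poc", poc), ("embedded quote", "O'Reilly")):
        for bs in (False, True):
            print(label, "backslash_escapes=%s:" % bs, check_quoting(v, bs))
```

The "intact" flag differs between the two grammars only for inputs containing a backslash, which is exactly the dialect-dependent case the PoC exercises.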

            Assignee: Unassigned
            Reporter: d0znpp Ivan
            Votes: 0
            Watchers: 2
