Change Request
Resolution: Unresolved
Major
It's insecure to use Zabbix with an Oracle database because of all the SQL injection issues caused by the improper data-encoding function listed below:
./include/db.inc.php, line 1013:

    case ZBX_DB_ORACLE:
        // Oracle branch: double every single quote, then wrap the value in single quotes
        if (is_array($var)) {
            foreach ($var as $vnum => $value) {
                $var[$vnum] = "'".preg_replace('/\'/', '\'\'', $value)."'";
            }
            return $var;
        }
        return "'".preg_replace('/\'/', '\'\'', $var)."'";
In the case of the string \' it's possible to bypass the escaping function and
Please find PoC code below:
    <?php
    $var = chr(92).chr(39);                            // the string \'
    $q = "'".preg_replace('/\'/', '\'\'', $var)."'";   // same escaping as the Oracle branch above
    echo $q;

Output: '\''' where the string \'' is unquoted