[ZBX-5144] SQL injection bug in frontend database configuration page (quotes not correctly escaped in password) Created: 2012 Jun 07 Updated: 2017 May 30 Resolved: 2012 Jun 21 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Frontend (F) |
Affects Version/s: | 2.0.0 |
Fix Version/s: | 2.0.2rc1, 2.1.0 |
Type: | Incident report | Priority: | Major |
Reporter: | SĂ©tphane Leibovitsch | Assignee: | Unassigned |
Resolution: | Fixed | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Linux Debian Squeeze, Apache 2.2.16, PostgreSQL 9.1, php 5.3.3 |
Description |
On database configuration page, entering a quote (') in the password leads to an SQL error : For example : if the password is foo'bar : pg_connect(): Unable to connect to PostgreSQL server: missing "=" after "bar'" in connection info string [include/db.inc.php:98] |
Comments |
Comment by Pavels Jelisejevs (Inactive) [ 2012 Jun 18 ] |
RESOLVED in svn://svn.zabbix.com/branches/dev/ZBX-5144. This only seems to affect postgresql, oracle and db2 are ok. |
Comment by Alexander Vladishev [ 2012 Jun 21 ] |
(1) pg_connect() require to escape only single quotes and backslashes, but function addslashes() escapes four characters (quote ('), double quote ("), backslash () and NUL) http://php.net/manual/en/function.pg-connect.php <pavels> RESOLVED. <Toms> CLOSED |
Comment by Toms (Inactive) [ 2012 Jun 28 ] |
TESTED |
Comment by Pavels Jelisejevs (Inactive) [ 2012 Jun 29 ] |
Fixed in 2.0 r28535 and trunk r28536. CLOSED. |