[ZBX-5144] SQL injection bug in frontend database configuration page (quotes not correctly escaped in password) Created: 2012 Jun 07 Updated: 2017 May 30 Resolved: 2012 Jun 21 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Frontend (F) |
| Affects Version/s: | 2.0.0 |
| Fix Version/s: | 2.0.2rc1, 2.1.0 |
| Type: | Incident report | Priority: | Major |
| Reporter: | SĂ©tphane Leibovitsch | Assignee: | Unassigned |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Linux Debian Squeeze, Apache 2.2.16, PostgreSQL 9.1, php 5.3.3 |
||
| Description |
|
On database configuration page, entering a quote (') in the password leads to an SQL error : For example : if the password is foo'bar : pg_connect(): Unable to connect to PostgreSQL server: missing "=" after "bar'" in connection info string [include/db.inc.php:98] |
| Comments |
| Comment by Pavels Jelisejevs (Inactive) [ 2012 Jun 18 ] |
|
RESOLVED in svn://svn.zabbix.com/branches/dev/ZBX-5144. This only seems to affect postgresql, oracle and db2 are ok. |
| Comment by Alexander Vladishev [ 2012 Jun 21 ] |
|
(1) pg_connect() require to escape only single quotes and backslashes, but function addslashes() escapes four characters (quote ('), double quote ("), backslash () and NUL) http://php.net/manual/en/function.pg-connect.php <pavels> RESOLVED. <Toms> CLOSED |
| Comment by Toms (Inactive) [ 2012 Jun 28 ] |
|
TESTED |
| Comment by Pavels Jelisejevs (Inactive) [ 2012 Jun 29 ] |
|
Fixed in 2.0 r28535 and trunk r28536. CLOSED. |