[koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-7-g3e6ad12

Git repo owner gitmaster at git.koha-community.org
Tue Jun 23 11:26:07 CEST 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.14.x has been updated
       via  3e6ad12ee87e8905f042091ae5d324524412f5d0 (commit)
      from  4631b30b2fa4d379a09db4b7822753ade29b6df8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3e6ad12ee87e8905f042091ae5d324524412f5d0
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Fri Jun 19 08:35:07 2015 +1200

    Bug 14412: SQL injection possible
    
    There is a SQL Injection vulnerability in the
    /cgi-bin/koha/opac-tags_subject.pl script.
    
    By manipulating the variable 'number', the database can be accessed
    via time-based blind injections.
    
    The following string serves as an example:
    
    /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
    
    To exploit the vulnerability, no authentication is needed.
    
    To test
    1/ Turn on mysql query logging
    2/ Hit /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
    3/ Check the logs; notice something like
      SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1
      PROCEDURE ANALYSE
      (EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
    4/ Apply patch
    5/ Hit the url again
    6/ Notice the log now only has
       SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1
    
    Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
    Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de>
    Confirmed the problem and the fix for it.
    Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar>
    
    (cherry picked from commit 57b01fb655955ac630d6018d03f4d134e7e3e25a)
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    (cherry picked from commit b414b22bf063d58e0e2255a648097cf9111ab445)
    Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>

-----------------------------------------------------------------------

Summary of changes:
 opac/opac-tags_subject.pl |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
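
The commit message traces the flaw to the `number` query parameter reaching the `LIMIT` clause of the statement text unchecked. The following is an added example, not Koha's code and not the content of the two-line patch summarised above: it contrasts the interpolating shape with one that constrains the value to a small positive integer and binds it, so the statement text stays constant whatever the client sends. The default page size, the table contents and the use of an in-memory SQLite database (assumption: DBD::SQLite is installed) are constructed for the example.

```perl
#!/usr/bin/perl
# Added illustration; not code from Koha or from the Bug 14412 patch.
# Shows why a LIMIT value taken from the request must be constrained to an
# integer before it reaches the statement, using an in-memory SQLite table
# (assumption: DBD::SQLite is installed) instead of Koha's MySQL schema.
use strict;
use warnings;
use DBI qw(:sql_types);

# Vulnerable shape: the raw 'number' parameter is interpolated into the SQL
# text, so whatever the client sent becomes part of what the server parses.
# This only builds the string for inspection; it is never executed here.
sub unsafe_statement_text {
    my ($number) = @_;
    return "SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT $number";
}

# Hardened shape: accept only a small positive integer, fall back to a default
# otherwise, and bind it as an integer so the statement text never varies.
sub top_tags {
    my ($dbh, $number) = @_;
    my $default = 20;    # constructed default page size (assumption)
    my $limit = (defined $number && $number =~ /\A[1-9][0-9]{0,3}\z/)
              ? $number : $default;
    my $sth = $dbh->prepare(
        'SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT ?');
    # Integer bind: with a string bind some drivers emit LIMIT '1', which MySQL rejects.
    $sth->bind_param(1, $limit, SQL_INTEGER);
    $sth->execute;
    return $sth->fetchall_arrayref;
}

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE tags (entry TEXT, weight INTEGER)');
$dbh->do("INSERT INTO tags (entry, weight) VALUES ('perl', 5), ('koha', 3), ('sql', 1)");

# Constructed inputs: a normal value and a non-numeric one of the kind the
# report describes (payload elided as in the commit message).
for my $input ('1', '1 PROCEDURE ANALYSE(...)') {
    print "input            : $input\n";
    print "unsafe text      : ", unsafe_statement_text($input), "\n";
    my $rows = top_tags($dbh, $input);
    print "hardened returned: ", scalar(@$rows), " row(s)\n\n";
}
```

Running it shows the unsafe text changing with the input while the hardened query returns one row for `1` and the default three rows for the non-integer input. In a test setup like the one in the commit message, with MySQL query logging on, the hardened form is the one whose logged statement never contains anything but the fixed `SELECT ... LIMIT n`.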


hooks/post-receive
-- 
main Koha release repository

