[koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-7-g3e6ad12
Git repo owner
gitmaster at git.koha-community.org
Tue Jun 23 11:26:07 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 3.14.x has been updated
via 3e6ad12ee87e8905f042091ae5d324524412f5d0 (commit)
from 4631b30b2fa4d379a09db4b7822753ade29b6df8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3e6ad12ee87e8905f042091ae5d324524412f5d0
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date: Fri Jun 19 08:35:07 2015 +1200
Bug 14412: SQL injection possible
There is a SQL Injection vulnerability in the
/cgi-bin/koha/opac-tags_subject.pl script.
By manipulating the variable 'number', the database can be accessed
via time-based blind injections.
The following string serves as an example:
/cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
To exploit the vulnerability, no authentication is needed.
To test:
1/ Turn on mysql query logging
2/ Hit /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
3/ Check the logs, notice something like
SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1
PROCEDURE ANALYSE
(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
4/ Apply patch
5/ Hit the url again
6/ Notice the log now only has
SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1
Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de>
Confirmed the problem and the fix for it.
Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar>
(cherry picked from commit 57b01fb655955ac630d6018d03f4d134e7e3e25a)
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
(cherry picked from commit b414b22bf063d58e0e2255a648097cf9111ab445)
Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>
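The pattern behind the two logged statements in the test plan, as an added illustration that is not Koha's code (written in Python with SQLite rather than Koha's Perl and MySQL): pasting the raw `number` parameter after LIMIT lets the rest of the string become SQL, whereas validating it as a plain integer and binding it as a placeholder keeps the statement text fixed. The `tags` table contents and the function names are constructed for this example.

```python
import re
import sqlite3

# Parameter value taken from the bug report's test plan (URL-decoded).
MALICIOUS_NUMBER = ("1 PROCEDURE ANALYSE (EXTRACTVALUE(9743,CONCAT(0x5c,"
                    "(BENCHMARK(5000000,MD5('evil'))))),1)")

# Constructed stand-in for the `tags` table; not Koha's real schema or data.
SAMPLE_TAGS = [("perl", 5), ("library", 3), ("koha", 9)]


def vulnerable_sql(number):
    """Build the query the way the pre-patch log line implies: the raw CGI
    value is appended after LIMIT, so whatever follows the digit is parsed as SQL."""
    return "SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT " + str(number)


def parse_limit(number):
    """Accept only a string of ASCII digits and return it as an int.
    Spaces, keywords or parentheses raise here instead of reaching the database."""
    if not isinstance(number, str) or not re.fullmatch(r"[0-9]+", number):
        raise ValueError("number must be a non-negative integer")
    return int(number)


def make_db():
    """In-memory SQLite table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tags (entry TEXT, weight INTEGER)")
    conn.executemany("INSERT INTO tags VALUES (?, ?)", SAMPLE_TAGS)
    return conn


def safe_query(conn, number):
    """Validate first, then bind the integer as a placeholder so the statement
    text never changes, which is what the post-patch log line shows."""
    limit = parse_limit(number)
    cur = conn.execute(
        "SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT ?", (limit,)
    )
    return cur.fetchall()


if __name__ == "__main__":
    print(vulnerable_sql(MALICIOUS_NUMBER))   # payload survives into the statement
    print(safe_query(make_db(), "2"))         # [('koha', 9), ('perl', 5)]
    try:
        safe_query(make_db(), MALICIOUS_NUMBER)
    except ValueError as err:
        print("rejected:", err)
```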
-----------------------------------------------------------------------
Summary of changes:
opac/opac-tags_subject.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
hooks/post-receive
--
main Koha release repository