Hello,
This vulnerability was already sent to us; I created a bug about it.
And this one is already fixed in the 3.5 branch.
https://doliforge.org/tracker/?func=detail&aid=1437&atid=246&group_id=144
https://github.com/Dolibarr/dolibarr/pull/1645
Deepak Rathore sent us the information, but as I made some fixes, but not
all, he published the issues. That's the normal process.
After that, read what the exploit is: entity is not escaped and produces
a SQL error message, and they say it can be a source of SQL
injection... I understand the concept but, in this case, you can't have
any SQL injection with an SQL request like "WHERE entity IN
(0,".$entity)". Put what you want here, it will never produce a SQL
injection of malicious data; at least it will give you an error message
and that's the case. Or if you know a way to really use this exploit,
please let me know, I want to learn how to hack applications with this
kind of exploit.
There is the same issue with sort order and sort field sent by query
string into lists. It gives an SQL error but if somebody can explain to me
how to insert or read data of a database just by hacking the "ORDER BY"
instruction, you'll make my day.
Regards
Florian Henry
+33 6 03 76 48 07
florian.he...@open-concept.pro
http://www.open-concept.pro
Twitter : @_Open_Concept_
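The two request values discussed in this thread (the `entity` value interpolated into `WHERE entity IN (0, ...)` and the sort field / sort order taken from the query string for `ORDER BY`) handled defensively, as an added PHP example that is not Dolibarr's code and not the fix in the linked pull request. The table `llx_example`, its columns, and the function names are hypothetical; the request values at the bottom are constructed.

```php
<?php
// Added example (not Dolibarr's code): constrain request input to a safe
// form before it is concatenated into SQL, so malformed values are
// rejected up front instead of reaching the database as an SQL error.

// Values a client may send for sortfield, mapped to the column expression
// actually used in ORDER BY. Anything else falls back to the default.
const ALLOWED_SORT_FIELDS = [
    'rowid' => 't.rowid',
    'ref'   => 't.ref',
    'datec' => 't.datec',
];

function validatedEntity($raw): int
{
    // entity is a numeric id: only an unsigned integer string is accepted.
    if (!is_int($raw) && !is_string($raw)) {
        throw new InvalidArgumentException('entity must be numeric');
    }
    if (preg_match('/^\d+$/', (string) $raw) !== 1) {
        throw new InvalidArgumentException('entity must be numeric');
    }
    return (int) $raw;
}

function validatedSort(?string $field, ?string $order): string
{
    // Whitelist both halves of the ORDER BY clause; unknown input gets a
    // fixed default rather than being echoed into the query.
    $column    = ALLOWED_SORT_FIELDS[$field ?? ''] ?? ALLOWED_SORT_FIELDS['rowid'];
    $direction = strtoupper($order ?? 'ASC') === 'DESC' ? 'DESC' : 'ASC';
    return $column . ' ' . $direction;
}

function buildListQuery(array $get): string
{
    $entity  = validatedEntity($get['entity'] ?? 1);
    $orderBy = validatedSort($get['sortfield'] ?? null, $get['sortorder'] ?? null);
    // Only validated, server-chosen fragments are interpolated here.
    return 'SELECT t.rowid, t.ref FROM llx_example AS t'
         . ' WHERE t.entity IN (0, ' . $entity . ')'
         . ' ORDER BY ' . $orderBy;
}

// Constructed request values for demonstration.
echo buildListQuery(['entity' => '3', 'sortfield' => 'ref', 'sortorder' => 'desc']), "\n";
try {
    buildListQuery(['entity' => '3,4', 'sortfield' => 'nosuchfield']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```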
On 08/07/2014 15:24, Maxime Kohlhaas wrote:
Hi all,
Apparently we have some fix to do on 3.5 :
http://www.exploit-db.com/exploits/34007/
Don't know if anyone saw this because I haven't seen anything on this
mailing list about this issue.
Regards,
--
Maxime Kohlhaas
Associate Consultant
ATM Consulting
+33 6 33 42 92 43
_______________________________________________
Dolibarr-dev mailing list
Dolibarr-dev@nongnu.org
https://lists.nongnu.org/mailman/listinfo/dolibarr-dev