Bugs item #1802421, was opened at 2007-09-26 04:14
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1802421&group_id=139143
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: ver 1.2.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Aron Rosenberg (amr42)
Assigned to: Nobody/Anonymous (nobody)
Summary: SQL injection in AVP Module
Initial Comment:
The AVPOPS module function avp_db_query is susceptible to SQL injection attacks
because any AVPs used within the query string are not escaped properly.
The UNIXODBC module has an existing SQL escape function which could be used in
this case, and it also has a module parameter to force escaping of parameters
used in queries.
A simple script example of the problem is this:
avp_printf("$avp(to_displayname)", "Mc'Dowell");
avp_db_query("select * from table where a='$tn' and b=1");
On a MySQL backend this will result in an SQL error on the query, but if the avp
var used comes from the wire a SQL injection is possible.
----------------------------------------------------------------------
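The following is an added example, not code from the bug report or from the OpenSER/AVPOPS or UNIXODBC modules. It illustrates the escaping the submitter describes: `sql_escape()` is a hypothetical MySQL-style literal escaper (stand-in for the module's own escape function), `build_query()` assembles the query from the report with the AVP value escaped, and `count_unescaped_quotes()` is a simple check that the string literal remains closed. The "Mc'Dowell" value and the query text are taken from the report; everything else is constructed here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape a C string for use inside a single-quoted MySQL-style SQL literal.
 * Hypothetical helper (not the UNIXODBC module's function). Handles the
 * characters MySQL treats specially in a literal; embedded NUL cannot occur
 * in a C string, so it is not handled here. Caller frees the result. */
char *sql_escape(const char *in)
{
    size_t len = strlen(in);
    char *out = malloc(len * 2 + 1);   /* worst case: every byte doubled */
    if (!out) return NULL;
    char *p = out;
    for (const char *s = in; *s; s++) {
        switch (*s) {
        case '\'':   *p++ = '\\'; *p++ = '\''; break;
        case '\\':   *p++ = '\\'; *p++ = '\\'; break;
        case '"':    *p++ = '\\'; *p++ = '"';  break;
        case '\n':   *p++ = '\\'; *p++ = 'n';  break;
        case '\r':   *p++ = '\\'; *p++ = 'r';  break;
        case '\x1a': *p++ = '\\'; *p++ = 'Z';  break;
        default:     *p++ = *s;
        }
    }
    *p = '\0';
    return out;
}

/* Build the query from the report with the AVP value escaped before it is
 * interpolated. Caller frees the result; NULL on allocation failure. */
char *build_query(const char *avp_value)
{
    static const char fmt[] = "select * from table where a='%s' and b=1";
    char *esc = sql_escape(avp_value);
    if (!esc) return NULL;
    size_t n = sizeof(fmt) + strlen(esc);
    char *q = malloc(n);
    if (q) snprintf(q, n, fmt, esc);
    free(esc);
    return q;
}

/* Count single quotes that are not preceded by a backslash. In a query with
 * one string literal, an even count means the literal stayed closed; an odd
 * count is the symptom the report describes (SQL error, or worse). */
int count_unescaped_quotes(const char *q)
{
    int n = 0;
    for (; *q; q++) {
        if (*q == '\\' && q[1]) { q++; continue; }   /* skip escaped char */
        if (*q == '\'') n++;
    }
    return n;
}

int main(void)
{
    /* constructed input: the value from the report */
    const char *avp = "Mc'Dowell";
    char unescaped[128];
    snprintf(unescaped, sizeof unescaped,
             "select * from table where a='%s' and b=1", avp);
    char *escaped = build_query(avp);
    if (!escaped) return 1;
    printf("unescaped: %s  (quotes: %d)\n", unescaped,
           count_unescaped_quotes(unescaped));
    printf("escaped:   %s  (quotes: %d)\n", escaped,
           count_unescaped_quotes(escaped));
    free(escaped);
    return 0;
}
```

The quote count is only a coarse sanity check for this one-literal query; the real fix is to escape (or better, bind) every value before it reaches the query string, which is what the module parameter mentioned in the report would enforce.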
_______________________________________________
Devel mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/devel