For a Shotwell scope SQL injection demo, I attached a screenshot.
Code can be injected with a file name in the function getPhotoForUri.

Demonstration:
a) rename some picture like this

xx
" UNION SELECT
1,'2','Hello','World',5,6,7,8,9,10,11,12,'13','14','15',16,17,18,19,20,21,22,23,24,'25',26,27,28,29
--                          ".png

b) start Shotwell and ensure the picture gets into the Shotwell database
c) close Shotwell
d) search for xx in the Unity Dash and click on the picture
e) have a look at the picture dimensions and the size. It reads "Hello x World Pixels", size: 5.0b.
     This is only a harmless demo. Other things may happen, like crashes or code execution.
 

** Attachment added: "unity-scope-shotwell SQL injection Demo"
   https://bugs.launchpad.net/ubuntu/+source/unity-scope-clementine/+bug/1483037/+attachment/4542841/+files/screenshot.png

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1483037

Title:
  Possible Shell Command Injection in daemon

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity-scope-audacious/+bug/1483037/+subscriptions
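The bug class described in the report, reconstructed as an added example (not the scope's own code): a hypothetical photo lookup that pastes the file name into the SQL text, beside the parameterized fix. The table is a constructed stand-in with four columns instead of Shotwell's real schema, and the injected file name from the report is shortened to match it and uses a single quote because this stand-in query quotes its literal with `'`.

```python
import sqlite3

# Constructed stand-in for Shotwell's photo table; the real schema has many more
# columns, which is why the report's UNION needs 29 of them. Hypothetical data.
ROWS = [
    ("/home/user/Pictures/beach.png", 1920, 1080, 204800),
    # File name shaped like the report's, reduced to this stand-in's column count.
    ("/home/user/Pictures/xx' UNION SELECT 1,'Hello','World',5 -- '.png", 640, 480, 51200),
]


def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PhotoTable (id INTEGER PRIMARY KEY, filename TEXT, "
                 "width INTEGER, height INTEGER, filesize INTEGER)")
    conn.executemany("INSERT INTO PhotoTable (filename, width, height, filesize) "
                     "VALUES (?, ?, ?, ?)", ROWS)
    conn.commit()
    return conn


def get_photo_for_uri_vulnerable(conn, filename):
    """Hypothetical reconstruction of the bug: the file name becomes part of the SQL."""
    sql = "SELECT id, width, height, filesize FROM PhotoTable WHERE filename = '%s'" % filename
    return conn.execute(sql).fetchone()


def get_photo_for_uri_fixed(conn, filename):
    """Fix: bind the file name as a parameter so SQLite treats it purely as data."""
    sql = "SELECT id, width, height, filesize FROM PhotoTable WHERE filename = ?"
    return conn.execute(sql, (filename,)).fetchone()


def describe(row):
    """Render a row the way the Dash preview did: '<width> x <height> Pixels', size."""
    _, width, height, size = row
    return "%s x %s Pixels, %sb" % (width, height, size)


if __name__ == "__main__":
    db = make_db()
    crafted = ROWS[1][0]
    # Vulnerable lookup returns the UNION row, so the preview reads "Hello x World".
    print("vulnerable:", describe(get_photo_for_uri_vulnerable(db, crafted)))
    # Parameterized lookup returns the file's real metadata.
    print("fixed:     ", describe(get_photo_for_uri_fixed(db, crafted)))
```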

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs