Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing command injection vulnerability #7

Closed
wants to merge 5 commits into from
Closed

Fixing command injection vulnerability #7

wants to merge 5 commits into from

Conversation

0xTHMS
Copy link

@0xTHMS 0xTHMS commented Jan 16, 2017

Password field was vulnerable to command injection

@camlafit
Copy link
Contributor

camlafit commented Jan 20, 2017 via email

@0xTHMS
Copy link
Author

0xTHMS commented Jan 23, 2017

Hi.

  • I put everything under the same sed -e
  • To trigger the injection, one could set his password to $(touch /tmp/vulnvuln) to trigger the vulnerabily.

Regards,

Copy link
Contributor

@fufroma fufroma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not mysqli_real_escape_string?

@drousseau
Copy link

@fufroma Currently mysqli_real_escape_string() is not used anywhere in AlternC

You may propose a global patch to replace addslashes() by mysqli_real_escape_string() :o)

@fufroma
Copy link
Contributor

fufroma commented Jan 23, 2017

Because previously we were lazy doesn't mean we should continue this way ^^

@camlafit
Copy link
Contributor

HI

Do you solve #5 ?

@lelutin
Copy link

lelutin commented Feb 22, 2017

@camlafit the code seems to attempt fixing #1, #3, and #5
it looks like it might be a better attempt than what @fser and I already tried for #1. we'll have to test that the resulting code actually fixes the vulnerabilities. if it does, it should be merged ASAP since the security vulnerabilities have been open for many months already :|

@camlafit
Copy link
Contributor

Hi

In review code I see you normalize also su/sudo use. Should be better to set it as specific commit can you improve this.
I know it's annoying but if we can do a PR readable why not :p

When you've do check/test about this we can merge it :) @vincib ? @albancrommer ?

@vincib
Copy link
Contributor

vincib commented Jun 21, 2018

shell issue not applicable (you have an old update_mailman.sh, that may be vulnerable)
and cocoadaemon fixed the sql by using PDO / Prepare

@vincib vincib closed this Jun 21, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants