[Libreoffice-bugs] [Bug 148102] New: Tehdessäni koulutehtävää, löysin kaksi SQL injektiota LibreOfficen sivulta.

Sun, 20 Mar 2022 14:30:42 -0700 

https://bugs.documentfoundation.org/show_bug.cgi?id=148102

            Bug ID: 148102
           Summary: Tehdessäni koulutehtävää, löysin kaksi SQL injektiota
                    LibreOfficen sivulta.
           Product: LibreOffice
           Version: 7.3.1.3 release
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: LibreOffice
          Assignee: [email protected]
          Reporter: [email protected]

Description:
" kpl SQL injektion. Riski: Korkea.CWE ID: 89
Hyökkäys: ZAP OR 1=1

"SQL injection may be possible."

Other Info:

"The page results were successfully manipulated using the boolean conditions
[ZAP AND 1=1] and [ZAP OR 1=1]
The parameter value being modified was stripped from the HTML output for the
purposes of the comparison
Data was NOT returned for the original parameter.
The vulnerability was detected by successfully retrieving more data than
originally returned, by manipulating the parameter"

Solution:

"Do not trust client side input, even if there is client side validation in
place.  
In general, type check all data on the server side.
If the application uses JDBC, use PreparedStatement or CallableStatement, with
parameters passed by '?'
If the application uses ASP, use ADO Command Objects with strong type checking
and parameterized queries.
If database Stored Procedures can be used, use them.
Do *not* concatenate strings into queries in the stored procedure, or use
'exec', 'exec immediate', or equivalent functionality!
Do not create dynamic SQL queries using simple string concatenation.
Escape all data received from the client.
Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed
characters in user input.
Apply the principle of least privilege by using the least privileged database
user possible.
In particular, avoid using the 'sa' or 'db-owner' database users. This does not
eliminate SQL injection, but minimizes its impact.
Grant the minimum database access that is necessary for the application."

Actual Results:
En löytänyt sivua johon ilmoittaa haavoittuvuuksista, joten laitoin tänne
bugeihin.

Expected Results:
-


Reproducible: Always


User Profile Reset: No



Additional Info:
URL:

https://fi.libreoffice.org/home/SearchForm?Search=ZAP+AND+1%3D1&action_results=Go

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to