https://bugzilla.wikimedia.org/show_bug.cgi?id=35043
Web browser: ---
Bug #: 35043
Summary: SQL Injection into search form
Product: MediaWiki
Version: 1.16
Platform: PC
OS/Version: All
Status: NEW
Severity: critical
Priority: Unprioritized
Component: Search
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
Mobile Platform: ---
I found a SQL injection in the search form.
If you enter a single quote into the form, the PostgreSQL server responds with
the following error:
Warning: pg_query(): Query failed: ERROR: syntax error in tsquery: "'" in
<FULLPATH>\DatabasePostgres.php on line 584 Sorry, that was not a valid search
string. Please go back and try again
Which means the server is vulnerable to an SQL injection.
Reproduce:
1. Go to the main wiki page
2. Enter the single quote into the search form
Shortcut to the bug:
https://wiki.<WEBSITE-NAME>.org/en/Special:Search?search=%27&go=Go
Note that the %27 is the single quote character!
Originally found at:
https://wiki.mageia.org/en/Special:Search?search=%27&go=Go
(Already told them about this)
Robert Hendriks
--
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
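
An added example for triaging a report like the one above (not part of the original report and not MediaWiki code): it parses the PHP warning shape quoted in the report, records which PostgreSQL parser rejected the input, and extracts the file name and line number that reached the client. The function name `triage` and the second sample are constructed for illustration.

```python
import re

# Shape of the PHP warning quoted in the report:
#   Warning: pg_query(): Query failed: ERROR: <message> in <file>.php on line <n>
# Assumption: the file path contains no whitespace.
PHP_PG_WARNING = re.compile(
    r"Warning:\s+pg_query\(\):\s+Query failed:\s+ERROR:\s+(?P<msg>.*?)"
    r"\s+in\s+(?P<file>\S+\.php)\s+on\s+line\s+(?P<line>\d+)",
    re.DOTALL,
)
# Messages raised by PostgreSQL's SQL parser (the statement text itself was malformed).
SQL_PARSER = re.compile(r"syntax error at or near|unterminated quoted string")
# Message raised by the text-search parser (the input arrived as a tsquery value).
TSQUERY_PARSER = re.compile(r"syntax error in tsquery")

# Error text as quoted in the report.
REPORTED = r'''Warning: pg_query(): Query failed: ERROR: syntax error in tsquery: "'" in
<FULLPATH>\DatabasePostgres.php on line 584 Sorry, that was not a valid search
string. Please go back and try again'''
# Constructed sample for contrast; not taken from the report.
CONSTRUCTED = ('Warning: pg_query(): Query failed: ERROR: unterminated quoted '
               'string at or near "\'" in /srv/example/Database.php on line 10')


def triage(body):
    """Return which parser rejected the input and what the warning disclosed."""
    m = PHP_PG_WARNING.search(body)
    if m is None:
        return None  # no raw PHP/PostgreSQL warning in this response
    msg = " ".join(m.group("msg").split())  # undo line wrapping
    if SQL_PARSER.match(msg):
        layer = "sql-parser"
    elif TSQUERY_PARSER.match(msg):
        layer = "tsquery-parser"
    else:
        layer = "other"
    # A file name and line number in the response is itself a disclosure finding.
    return {"layer": layer, "message": msg,
            "file": m.group("file"), "line": int(m.group("line"))}


if __name__ == "__main__":
    for sample in (REPORTED, CONSTRUCTED):
        print(triage(sample))
```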