[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Dolibarr-dev] Bug report

From: Florian HENRY
Subject: Re: [Dolibarr-dev] Bug report
Date: Thu, 10 Jul 2014 08:43:53 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0


This vulnerability was already send to us , I created a bug about it. And this one is already fix into 3.5 branch.

Deepak Rathore send us the information, but as I made some fix, but not all, he publish the issues. That the normal process.

After that read what the exploit is : entity is not escaped and produce a SQL error message, and they says it can be a source of SQL injection... I understand the concept but, in this case, you can't have any SQL injection with sql request like "WHERE entity IN (0,".$entity)".  Put what you want here, it will never produce a SQL injection of malicius data, at least is will give you an error message and th'at the case.  Or If you know a way to really use this exploit please let me know, I want to learn how to hack application with this kind of exploit.
There is tha same issue with sort order and sort field send by query string into list. It give an SQL error but if somebody can explain to me how insert or read data of a database just by hacking the  "ORDER BY " instruction, you'll maka my day.


Florian Henry
+33 6 03 76 48 07
Twitter : @_Open_Concept_
Le 08/07/2014 15:24, Maxime Kohlhaas a écrit :
Hi all,

Apparently we have some fix to do on 3.5 :

Don't know if anyone saw this because i haven't seen anything on this mailist about this issue.


Maxime Kohlhaas
Consultant associé
ATM Consulting
+33 6 33 42 92 43

Dolibarr-dev mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]