XWiki Platform: XWIKI-4755

Hibernate doesn't treat backslashes correctly --> SQL injection.

Details

    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • Fix Version/s: 2.3, 2.2.6, 2.4 M1
    • Affects Version/s: 2.2 M2
    • Component/s: Storage
    • Labels: None
    • Difficulty: Medium

    Description

      Hibernate is supposed to protect us from injection of raw SQL through its HQL setup, but it fails to handle the following correctly:
      $xwiki.searchDocuments("''='\''; drop table xwikidoc; --\'")

      I think we need to escape backslashes before running queries with hibernate until they get this issue sorted out.
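      As an added example (not code from the issue, XWiki or Hibernate), the following Python models the mismatch the report describes: an HQL-style literal scanner in which a backslash is an ordinary character, beside a MySQL-style scanner in which a backslash escapes the next character, both run over the fragment quoted above, followed by the backslash-and-quote escaping the reporter proposes. The scanners are simplified models constructed for illustration and do not handle SQL comments.

```python
# Simplified string-literal scanners, constructed for illustration.
# HQL rule: only a doubled quote ('') escapes a quote; backslash is ordinary.
# MySQL default rule: backslash also escapes the following character.

def split_statements(fragment: str, backslash_escapes: bool) -> list:
    """Split a fragment on ';' that lie outside string literals."""
    parts, buf, i, in_literal = [], [], 0, False
    while i < len(fragment):
        c = fragment[i]
        if in_literal:
            if backslash_escapes and c == "\\" and i + 1 < len(fragment):
                buf.append(fragment[i:i + 2]); i += 2; continue   # \x stays inside
            if c == "'" and fragment[i + 1:i + 2] == "'":
                buf.append("''"); i += 2; continue                 # '' stays inside
            if c == "'":
                in_literal = False                                 # literal closes here
        elif c == "'":
            in_literal = True
        elif c == ";":
            parts.append("".join(buf).strip()); buf = []; i += 1; continue
        buf.append(c); i += 1
    tail = "".join(buf).strip()
    if tail:
        parts.append(tail)
    return parts

def escape_literal(value: str) -> str:
    """Escape a value for an HQL single-quoted literal: double the quote (HQL
    rule) and double the backslash so a backslash-escaping backend cannot
    reinterpret the literal boundary."""
    return value.replace("\\", "\\\\").replace("'", "''")

# The where-fragment quoted in the issue (one backslash before each quote).
PAYLOAD = "''='\\''; drop table xwikidoc; --\\'"
# The same text seen as a raw user-supplied value, before any escaping.
USER_VALUE = "\\'; drop table xwikidoc; --\\"

def hql_view() -> list:
    return split_statements(PAYLOAD, backslash_escapes=False)   # 1 statement

def mysql_view() -> list:
    return split_statements(PAYLOAD, backslash_escapes=True)    # literal ends early

def hardened_fragment() -> str:
    return "''='" + escape_literal(USER_VALUE) + "'"
```

Under the HQL rule the fragment is a single comparison, which is why Hibernate's parser lets it through; under the MySQL rule the same bytes split into several statements, while the escaped form is one statement under both rules.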

People

    • Assignee: CalebJamesDeLisle
    • Reporter: CalebJamesDeLisle
    • Votes: 0
    • Watchers: 1