XWiki Platform: XWIKI-6367

SQL injection in Blog.Archive


Details

    • Bug
    • Resolution: Fixed
    • Major
    • 3.1 M1
    • 2.5
    • None
    • None
    • security, sql injection
    • Unknown

    Description

      Besides the year parameter, injection is also possible through the month, categories and user name parameters. The problem comes mostly from the use of non-parametrized SQL queries in several Velocity macros in Blog.BlogCode.

      Escaping test result:

      * Parameter: "year"
        Tested file: Blog/Archive.xml
        URL: http://127.0.0.1:8080/xwiki/bin/view/Blog/Archive?skin=colibri&year=aaa%22bbb%27ccc%3Eddd%3Ceee&language=en
        List of validation errors:
          line  302  column 133  WARNING: Macro execution exception in the response.
          line  528  column   0  WARNING: Possible SQL error trace.
          line  560  column   0  WARNING: Possible SQL error trace.
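The pattern behind the report, as an added illustration rather than the actual Blog.BlogCode source: the unsafe form splices request values into the statement text, the hardened form validates the numeric parameter and binds every value. It assumes XWiki's Query Manager script service ($services.query, with xwql/bindValue/execute), the standard $datetool and $mathtool Velocity tools, and a Blog.BlogPostClass with a publishDate field.

```velocity
## Added example, not the Blog application's own macros.
#set ($year = $request.year)
#set ($author = $request.user)

## Unsafe form (the defect described in this issue): the raw request values become
## part of the statement text. A probe such as aaa"bbb'ccc>ddd<eee closes the string
## literal, and the database error is what the escaping test flags as a
## "Possible SQL error trace". Shown only as text; never executed here.
#set ($unsafe = "select doc.fullName from Document doc, doc.object(Blog.BlogPostClass) as post where doc.creator = '${author}' and post.publishDate >= '${year}-01-01'")

## Hardened form. The year must be exactly four digits; anything else falls back to
## the current year instead of reaching the query.
#if ("$!year" == '' || !$year.matches('[0-9]{4}'))
  #set ($year = "$datetool.year")
#end
## Date bounds are built as real Date objects, then bound as named parameters.
#set ($start = $datetool.toDate('yyyy', $year))
#set ($end = $datetool.toDate('yyyy', "$mathtool.add($year, 1)"))

## The statement text is a constant; user-controlled values only ever travel as
## bound parameters, so quoting characters in them cannot change the query.
#set ($statement = "select doc.fullName from Document doc, doc.object(Blog.BlogPostClass) as post where doc.creator = :author and post.publishDate >= :start and post.publishDate < :end")
#set ($posts = $services.query.xwql($statement).bindValue('author', "$!author").bindValue('start', $start).bindValue('end', $end).execute())

#foreach ($postName in $posts)
  * $postName
#end
```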

      People

        sdumitriu Sergiu Dumitriu
        nickless Alex Busenius