Piwigo / piwigo-openstreetmap

OpenStreetMap integration for Piwigo
http://piwigo.org/ext/extension_view.php?eid=701
GNU General Public License v3.0

XSS attempts due to osmmap.php parameters not properly sanitized #139

Closed flop25 closed 6 years ago

flop25 commented 7 years ago

Hello, all the info is there: http://piwigo.org/forum/viewtopic.php?pid=167672#p167672 No PoC, but it seems safer to sanitize the parameters since SQL queries were found in the database.

xbgmsharp commented 7 years ago

Thanks, I will check it.

xbgmsharp commented 7 years ago

There is a check that ensures all parameters are numbers. https://github.com/xbgmsharp/piwigo-openstreetmap/blob/master/include/functions_map.php#L145
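As an added illustration (not the plugin's own code), here is the kind of numeric whitelist check the comment above refers to, applied to map parameters before they reach a query; the parameter names, patterns and ranges are assumptions, and the probe input is a constructed prefix of the string quoted later in this issue.

```php
<?php
// Added example, not code from piwigo-openstreetmap: reject any map parameter
// that is not a plain number, so encoded SQL or script fragments never reach a query.

/**
 * Return the validated parameters, or throw if any present value is not a plain number.
 * Keys and ranges are assumed for the example.
 */
function validate_map_params(array $input): array
{
    // Whitelist per parameter: a strict pattern plus an inclusive range.
    // The D modifier stops '$' from matching before a trailing newline.
    $rules = [
        'lat'  => ['pattern' => '/^-?\d{1,3}(\.\d{1,10})?$/D', 'min' => -90,  'max' => 90],
        'lon'  => ['pattern' => '/^-?\d{1,3}(\.\d{1,10})?$/D', 'min' => -180, 'max' => 180],
        'zoom' => ['pattern' => '/^\d{1,2}$/D',                'min' => 0,    'max' => 19],
        'cat'  => ['pattern' => '/^\d{1,10}$/D',               'min' => 1,    'max' => 9999999999],
    ];

    $clean = [];
    foreach ($rules as $name => $rule) {
        if (!array_key_exists($name, $input)) {
            continue; // optional parameter, nothing to check
        }
        $raw = (string) $input[$name];
        // Anything other than digits, an optional sign and a decimal point is rejected outright.
        if (!preg_match($rule['pattern'], $raw)) {
            throw new InvalidArgumentException("Parameter '$name' is not numeric");
        }
        $value = $raw + 0; // safe numeric cast: the string already matched the pattern
        if ($value < $rule['min'] || $value > $rule['max']) {
            throw new InvalidArgumentException("Parameter '$name' is out of range");
        }
        $clean[$name] = $value;
    }
    return $clean;
}

// Constructed sample inputs (PHP already URL-decodes $_GET, so urldecode() mimics that here).
$normal = ['lat' => '48.8566', 'lon' => '2.3522', 'zoom' => '12', 'cat' => '7'];
$probe  = ['cat' => urldecode('%28SELECT%203163%20FROM')]; // prefix of the quoted injection attempt

foreach (['normal' => $normal, 'probe' => $probe] as $label => $params) {
    try {
        $ok = validate_map_params($params);
        echo "$label: accepted " . json_encode($ok) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected (" . $e->getMessage() . ")\n"; // the probe lands here
    }
}
```

A rejection at this point is also a useful log event: the raw rejected value and the client address are what an operator wants when deciding whether a probe like the one quoted in this issue is being run against the gallery.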

flop25 commented 7 years ago

You're right, the regex seems quite sufficient to avoid strings like '%28SELECT%203163%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x71627a6271%2C%28SELECT%20IFNULL%28CAST%28COUNT%28password%29%20AS%20CHAR%29%2C0x20%29%20FROM%20osmantemizel_com_1.piwigo_users%29%2C0x71627a6a71%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29" being registered. So all those values must have been registered before you released the last version (I saw you added this on 6 Oct 2016 and released it in November). Could you still try to reproduce with the POST values found in his log, in order to be 120% sure? ^^