bammv / sguil

Sguil client for NSM
GNU General Public License v3.0

sguil.tk interface sql injections #54

Open buzzdeee opened 4 years ago

buzzdeee commented 4 years ago

Hi,

When creating an autocat rule with a comment containing a ', I recognized SQL errors. So, playing a little bit with it, I got an autocat rule added with the following in the comment field: TESTTEST','X','2019-01-01','1'); -- \

faking the userid to some other user than myself, for example. Other fields also seem to be vulnerable, as well as the general query builder. With my limited testing, I didn't manage to insert additional SQL statements, or at least on Security Onion, a union select on mysql.users seems to be prohibited as long as no one messed with GRANT statements in the database.

Well, only admins should be able to connect to sguild; there should be some trust in them ;) I have seen this in 0.9.0 as well as 1.0.0.
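The root cause described in the report is a query assembled by splicing the comment text into the SQL string, so a quote in the comment closes the string literal and whatever follows is parsed as SQL. The following is an added illustration, not code from the sguil project (which is written in Tcl against MySQL): it uses Python's sqlite3 module, a constructed stand-in table whose column names are assumptions, and the exact comment value quoted in the report as the input. The "before" function reproduces the effect the reporter saw (the stored row carries the attacker-chosen uid 'X'), and the hardened function binds every value as a parameter so the comment is stored verbatim and the uid stays the authenticated user's.

```python
import sqlite3

# Constructed stand-in for sguild's autocat table. The column names are
# assumptions for this example and are not taken from the project's schema.
SCHEMA = """
CREATE TABLE autocat (
    autoid  INTEGER PRIMARY KEY,
    comment TEXT,
    uid     TEXT,
    created TEXT,
    active  TEXT
);
"""

# The comment value from the issue report, used unchanged as the test input
# (the trailing backslash is part of what was typed into the comment field).
REPORTED_COMMENT = "TESTTEST','X','2019-01-01','1'); -- \\"

SELECT_LAST = ("SELECT comment, uid, created, active FROM autocat "
               "ORDER BY autoid DESC LIMIT 1")


def fresh_db():
    """In-memory database with the constructed autocat table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def insert_autocat_vulnerable(conn, uid, comment, created="2024-01-01", active="1"):
    """'Before' form: values are spliced into the SQL text.

    With the reported comment the statement becomes
      INSERT ... VALUES ('TESTTEST','X','2019-01-01','1'); -- \\', '<uid>', ...
    so the closing quote, the real uid and the rest of the VALUES list are
    swallowed by the line comment, and the row is written with uid 'X'.
    """
    sql = ("INSERT INTO autocat (comment, uid, created, active) "
           "VALUES ('%s', '%s', '%s', '%s')" % (comment, uid, created, active))
    conn.execute(sql)
    conn.commit()
    return conn.execute(SELECT_LAST).fetchone()


def insert_autocat_safe(conn, uid, comment, created="2024-01-01", active="1"):
    """Hardened form: the SQL text is constant and each value is a bound
    parameter, so the driver never parses the comment as SQL. The stored
    comment equals the input byte for byte and uid is the caller's."""
    conn.execute(
        "INSERT INTO autocat (comment, uid, created, active) VALUES (?, ?, ?, ?)",
        (comment, uid, created, active),
    )
    conn.commit()
    return conn.execute(SELECT_LAST).fetchone()


if __name__ == "__main__":
    print("vulnerable:", insert_autocat_vulnerable(fresh_db(), "analyst", REPORTED_COMMENT))
    print("safe:      ", insert_autocat_safe(fresh_db(), "analyst", REPORTED_COMMENT))
```

The same parameter-binding change applies to the other fields the reporter mentions and to the query builder: any value that originates from the client is passed to the driver as a parameter, never concatenated into the statement text. Restricting the database account's GRANTs, as the reporter observed on Security Onion, limits what an injected statement can reach but does not prevent the row-level spoofing shown above.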