yasser777 / nettiers

Automatically exported from code.google.com/p/nettiers

Security bug : SQL Injection in GridViewSearchPanel.BuildSearch. #435

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
> What steps will reproduce the problem?

1. Open admin generated list
http://mysite.com/NetTiers/Admin/lsit.aspx

2. put a single quote ' in the search textbox and execute search

3. be amazed by the error message:

Server Error in '/NetTiers.Website' Application.
--------------------------------------------------------------------------------

Unclosed quotation mark after the character string ' ORDER BY [Field] DESC'.
Incorrect syntax near ' ORDER BY [Field] DESC'. 

4. Play with custom queries

'; DELETE FROM TABLE ; UPDATE TABLE ; --

> What is the expected output? What do you see instead?

There should be a list of records; instead there is a SQLException,
leading to a SQL injection.

> What version of .netTiers and CodeSmith are you using?

latest from source

> Please use labels and text to provide additional information.

Attached is a patch fixing this specific security bug.

Original issue reported on code.google.com by luc.duch...@gmail.com on 6 Dec 2013 at 8:40

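As an added illustration (not the .netTiers GridViewSearchPanel.BuildSearch code and not the attached patch), here is a hypothetical C# clause builder in the shape the error message above suggests, first splicing the search text into the statement and then passing it as a parameter with the column and sort names checked against an allow-list. The class, method names and signatures are assumptions for the example.

```csharp
// Added example, not nettiers code: the same search clause built two ways.
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class SearchClauseExample
{
    // Vulnerable shape: the search text is spliced straight into the SQL, so a
    // single quote breaks the statement ("Unclosed quotation mark ...") and
    // text such as "'; DELETE ... --" is executed as SQL.
    public static string BuildSearchUnsafe(string column, string text, string sortColumn)
    {
        return "[" + column + "] LIKE '%" + text + "%' ORDER BY [" + sortColumn + "] DESC";
    }

    // Hardened shape: user text only ever travels as a parameter value, and the
    // identifiers (which cannot be parameterised) must come from an allow-list
    // of the entity's real column names before they are bracket-quoted.
    public static SqlCommand BuildSearchCommand(SqlConnection conn, string table,
        string column, string text, string sortColumn, ISet<string> allowedColumns)
    {
        if (!allowedColumns.Contains(column) || !allowedColumns.Contains(sortColumn))
            throw new ArgumentException("column or sort column is not in the allow-list");

        SqlCommand cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT * FROM [" + table + "] WHERE [" + column + "] LIKE @search"
                        + " ORDER BY [" + sortColumn + "] DESC";

        // Escape SQL Server LIKE wildcards so a user-supplied %, _ or [ matches
        // literally; "[" must be handled first so the other escapes are not re-escaped.
        string escaped = text.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
        cmd.Parameters.Add("@search", SqlDbType.NVarChar, 4000).Value = "%" + escaped + "%";
        return cmd;
    }

    public static void Main()
    {
        // Constructed input: the reporter's single-quote probe.
        Console.WriteLine(BuildSearchUnsafe("Name", "'", "Field"));
        // Prints a clause with an unbalanced quote, the shape of the error in the report.
        var allowed = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Name", "Field" };
        using (var conn = new SqlConnection("Server=(local);Database=NetTiers;Integrated Security=true"))
        {
            SqlCommand cmd = BuildSearchCommand(conn, "Customer", "Name", "'", "Field", allowed);
            Console.WriteLine(cmd.CommandText); // the quote is now only in the @search value
        }
    }
}
```

With the parameterised form the reporter's probe becomes a literal search for a quote character, and a column name that is not on the allow-list is rejected before any SQL is built.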