View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001031 | Main CAcert Website | Audit issues | public | 2012-04-09 03:12 | 2018-11-18 13:46 |
Reporter | clopez | Assigned To | Patrick | ||
Priority | high | Severity | major | Reproducibility | always |
Status | fix available | Resolution | open | ||
Platform | Default | OS | any | OS Version | any |
Summary | 0001031: Disable use of insecure function mysql_escape_string() | ||||
Description |

mysql_escape_string() is insecure
* http://security.stackexchange.com/questions/8028/does-mysql-escape-string-have-any-security-vulnerabilities-if-all-tables-using-l

And it's used on core parts like password user logging:

```
$ grep -rl mysql_escape_string .
./includes/lib/general.php
./www/wot.php
./www/disputes.php
./www/verify.php
./www/alert_hash_collision.php
./www/index.php
./www/api/cemails.php
./www/api/edu.php
./pages/wot/12.php
./pages/wot/13.php
./pages/account/43.php
./pages/account/53.php
./pages/account/41.php
./pages/account/54.php
./pages/account/49.php
./tverify/index.php
```

Theoretically this can be exploited to perform a SQL Injection attack.

Please replace all mysql_escape_string() occurrences with the secure mysql_real_escape_string()

You can do this simply executing this command on the topdir:

```
grep -rl mysql_escape_string . | xargs sed -i "s/mysql_escape_string/mysql_real_escape_string/g"
```

Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
related to | 0001162 | fix available | INOPIAE | calculate (the passwords) hash in php instead of in mysql -> \\ |
related to | 0001260 | needs work | BenBE | Make the source compatible with recent PHP versions |
related to | 0001442 | needs review & testing | GuKKDevel | Rewrite code to use ext/mysqli API (or PDO_MySQL) instead of ext/mysql |
related to | 0000156 | needs work | magic_quotes_gpc vs. mysql_escape_string() |
|
I quickly wrote the fix. https://github.com/DjBusti/cacert-devel/commit/c7ec6a2aa2edc6d59578d5adc685de01d4497461 |
|
Note that 0001442 also replaces mysql_real_escape_string by mysqli_real_escape_string. So, once bug-1442 is installed this issue is obsolete. |
Date Modified | Username | Field | Change |
---|---|---|---|
2012-04-09 03:12 | clopez | New Issue | |
2013-05-15 05:59 | INOPIAE | Relationship added | related to 0001162 |
2013-11-12 21:25 | INOPIAE | Relationship added | related to 0000156 |
2014-03-19 10:54 | BenBE | Relationship added | related to 0001260 |
2015-02-27 22:04 | Patrick | Assigned To | => Patrick |
2015-02-27 22:06 | Patrick | Note Added: 0005336 | |
2015-03-10 21:22 | INOPIAE | Status | new => fix available |
2018-11-18 13:45 | Ted | Relationship added | related to 0001442 |
2018-11-18 13:46 | Ted | Note Added: 0005684 |
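
A reviewable variant of the replacement requested in the description, as an added example (not CAcert code and not part of the issue or its notes). It goes beyond the `sed` one-liner by matching case-insensitively, since PHP function names are case-insensitive, and by skipping longer identifiers; the file names and PHP lines in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

# Exact function name followed by "(": the look-behind leaves longer
# identifiers such as my_mysql_escape_string() untouched.
CALL = re.compile(rb"(?<![A-Za-z0-9_])mysql_escape_string(?=\s*\()", re.IGNORECASE)

def find_calls(root):
    """Return (relative path, line number, line) for every remaining call site."""
    hits = []
    for path in sorted(Path(root).rglob("*.php")):
        for no, line in enumerate(path.read_bytes().splitlines(), 1):
            if CALL.search(line):
                rel = path.relative_to(root).as_posix()
                hits.append((rel, no, line.decode("latin-1").strip()))
    return hits

def rewrite_tree(root):
    """Rewrite call sites in place on raw bytes; return the replacement count."""
    total = 0
    for path in sorted(Path(root).rglob("*.php")):
        new, n = CALL.subn(b"mysql_real_escape_string", path.read_bytes())
        if n:
            path.write_bytes(new)  # bytes in, bytes out: encoding and EOLs kept
            total += n
    return total

def demo():
    # Constructed sample tree (hypothetical files, not the CAcert sources).
    files = {
        "a.php": b"<?php\n$e = mysql_escape_string($_POST['email']);\n"
                 b"$p = MySQL_Escape_String ($pw);\n",
        "lib/b.php": b"<?php\nfunction my_mysql_escape_string($s) "
                     b"{ return mysql_real_escape_string($s); }\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            target = Path(root, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        before = find_calls(root)
        replaced = rewrite_tree(root)
        return before, replaced, find_calls(root)

if __name__ == "__main__":
    print(demo())
```

mysql_real_escape_string() escapes according to the character set of a database connection, so each rewritten call site needs an open connection at the point where it runs.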