[Pkg-cacti-maint] Bug#809260: SQL Injection still in the code

Marcel Meckel debian at thermoman.de
Thu Dec 31 10:47:54 UTC 2015


Guys,

you just reopened the SQL injection vuln again!

Have a look at

   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807599#57

where I have described this already.

cacti-0.8.7g-1+squeeze9+deb6u12 is vulnerable now again to SQL 
Injection.

Test it:

http://example.com/cacti/graph.php?action=properties&local_graph_id=3363&rra_id=1%20and%20benchmark(20000000%2csha1(1))--%20&view_type=tree&graph_start=1449752140&graph_end=1449838540

You have to edit

   /usr/share/cacti/site/include/top_graph_header.php

and add the line

   input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$");

in the input validation block.
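
The allow-list pattern from the message above, run against the query string of its test URL, as an added example that is not part of the original message and not Cacti's own code. `validate_rra_id()` and `rra_id_from_query()` are hypothetical helpers, the sample queries other than the test URL's are constructed, and the `D` modifier is an assumption added here so that `$` cannot match before a trailing newline.

```php
<?php
// Added illustration; validate_rra_id() is a hypothetical stand-in,
// not Cacti's input_validate_input_regex().

/**
 * Return true only if $value is a whole-string match for the allow-list
 * pattern from the message: digits only, or the literal "all".
 */
function validate_rra_id(string $value): bool
{
    // D modifier: $ matches only at the very end of the subject,
    // so a value with a trailing newline is rejected as well.
    return preg_match('/^([0-9]+|all)$/D', $value) === 1;
}

/**
 * Extract rra_id from a query string the way PHP fills $_GET
 * (parse_str URL-decodes the values). Non-string values, such as
 * rra_id[]=1 arriving as an array, are treated as invalid.
 */
function rra_id_from_query(string $query): string
{
    parse_str($query, $params);
    if (isset($params['rra_id']) && is_string($params['rra_id'])) {
        return $params['rra_id'];
    }
    return '';
}

// Constructed sample queries; the second one is the query string of the
// test URL quoted in the message (shortened to the relevant parameters).
$samples = [
    'action=properties&local_graph_id=3363&rra_id=1&view_type=tree',
    'action=properties&local_graph_id=3363&rra_id=1%20and%20benchmark(20000000%2csha1(1))--%20&view_type=tree',
    'action=properties&local_graph_id=3363&rra_id=all',
    'action=properties&local_graph_id=3363&rra_id=1%0A',
    'action=properties&local_graph_id=3363&rra_id[]=1',
];

foreach ($samples as $query) {
    $rra_id = rra_id_from_query($query);
    $verdict = validate_rra_id($rra_id) ? 'accept' : 'reject';
    // json_encode makes spaces and newlines in the decoded value visible.
    printf("%-6s %s\n", $verdict, json_encode($rra_id));
}
```

Only the plain numeric value and `all` are accepted; the decoded value from the test URL contains spaces and parentheses and fails the whole-string match before it can reach a query.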


