Author: roberthend15
Description:
I found a SQL injection in the search form.
If you enter a single quote into the form, the PostgreSQL server responds with the following error:
Warning: pg_query(): Query failed: ERROR: syntax error in tsquery: "'" in <FULLPATH>\DatabasePostgres.php on line 584 Sorry, that was not a valid search string. Please go back and try again
Which means the server is vulnerable to an SQL injection.
Reproduce:
- Go to the main wiki page
- Enter the single quote into the search form
Shortcut to the bug:
https://wiki.<WEBSITE-NAME>.org/en/Special:Search?search=%27&go=Go
Note that the %27 is the single quote character!
Originally found at:
https://wiki.mageia.org/en/Special:Search?search=%27&go=Go
(Already told them about this)
Robert Hendriks
Version: 1.20.x
Severity: normal
Platform: PC
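
An added example, not part of the original report or of MediaWiki's code: the error quoted above is raised by PostgreSQL's tsquery parser, and one way to keep a stray quote from reaching it is to reduce the search string to plain word terms and hand the result to the database as a bound parameter. The names `to_safe_tsquery` and `build_search`, the table and column names, and the `%s` placeholder style are assumptions made for illustration.

```python
import re

# Runs of letters/digits only. Everything the tsquery parser treats as
# syntax (quotes, &, |, !, parentheses, ':', '*', backslash) is dropped.
_TERM = re.compile(r"[^\W_]+")

def to_safe_tsquery(user_input, max_terms=16):
    """Turn free-form search text into a tsquery string of AND-ed terms.

    Returns None when no searchable term is left, so the caller can show
    a normal "no results" page instead of sending an unparsable query.
    """
    terms = _TERM.findall(user_input.lower())[:max_terms]
    if not terms:
        return None
    return " & ".join(terms)

def build_search(user_input):
    """Return (sql, params) for a DB-API driver, or None to skip the query.

    The search text never becomes part of the SQL string; it travels only
    as a bound parameter. Table and column names are hypothetical.
    """
    tsquery = to_safe_tsquery(user_input)
    if tsquery is None:
        return None
    sql = ("SELECT page_id FROM search_index "
           "WHERE text_vector @@ to_tsquery(%s)")
    return sql, (tsquery,)

if __name__ == "__main__":
    # Constructed sample inputs, including the one from the report (%27).
    for raw in ["'", "main page", "O'Reilly & (wiki)", "!!! ''"]:
        print(repr(raw), "->", build_search(raw))
```

With this in place the input from the report produces no query at all, so the driver never emits the warning that exposed the path to DatabasePostgres.php.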