Ad Widget

Collapse

sql injection in zabbix front ends

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • praveen.kurra@tcs.com
    Junior Member
    • May 2009
    • 10
    #1

    sql injection in zabbix front ends

    Hi all,

    While going through the code we have found there is lot of code prone to sql injection vulnerability. Eg:

    Line 458 of db.inc.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL The line no 185 to 188 from users.php has a variable called $_REQUEST['refresh']()

    187 $_REQUEST['lang'],$_REQUEST['theme'],$_REQUEST['refresh'],$_REQUEST['user_type'],

    whic is sinked with phjp file db.inc.php: on line 458

    458 $result=mysql_query(trim($query),$DB['DB']);

    There are lots of this kind How do we fix this ?
    Tags: None
    • Calimero
      Senior Member
      • Nov 2006
      • 481
      #2
      As far as I remember _REQUEST and other special arrays are checked/cleaned before they are used.

      Of course if you can actually inject SQL statements you should create and bug report on support.zabbix.com or quickly contact Zabbix SIA (private message on forum to Alexei or email).

        Comment

        • Aly
          ZABBIX developer
          • May 2007
          • 1126
          #3
          Originally posted by [email protected]
          Hi all,

          While going through the code we have found there is lot of code prone to sql injection vulnerability. Eg:

          Line 458 of db.inc.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL The line no 185 to 188 from users.php has a variable called $_REQUEST['refresh']()

          187 $_REQUEST['lang'],$_REQUEST['theme'],$_REQUEST['refresh'],$_REQUEST['user_type'],

          whic is sinked with phjp file db.inc.php: on line 458

          458 $result=mysql_query(trim($query),$DB['DB']);

          There are lots of this kind How do we fix this ?
          Did you really found(checked) SQL injection?? or you just assume?
          I bet it's second..
          Zabbix | ex GUI developer

            Comment

            • praveen.kurra@tcs.com
              Junior Member
              • May 2009
              • 10
              #4
              There is a Tool called Fortify which can detect the SQL injections inside the code.Based on this Report i am asking this question

                Comment

                • Aly
                  ZABBIX developer
                  • May 2007
                  • 1126
                  #5
                  As Calimero said, zabbix checks incoming data.
                  Zabbix | ex GUI developer

                    Comment

                    Previous template Next
                    Working...