Wednesday, January 21, 2009

oMedia CMS: Potential SQL injection vulnerability

oMedia is a Polish CMS for sharing multimedia files. During some modifications of this CMS, I found that there might be a possible SQL injection vulnerability. Specifically, the problem is with the search panel. For example, performing a search for a file using a string that contains a single quote (') results in a MySQL error. The error shows the full MySQL command! This might allow SQL injection attacks on websites using this CMS. Please don't panic! I'm not saying that there is a vulnerability, I'm just pointing out that there might be a vulnerability.
The solution to this problem is quite simple. In the file searchFile.php, the following code:

    // Each keyword is placed into the SQL string unescaped
    foreach ($keywords as $keyword) {
        if ($i > 0) {
            $filter .= ' OR ';
        }
        $filter .= "f.name LIKE '%$keyword%' OR f.description LIKE '%$keyword%' ";
        $i++;
    }

should be changed to this:

    foreach ($keywords as $keyword) {
        // Escape quotes and backslashes before building the filter
        $keyw = addslashes($keyword);
        if ($i > 0) {
            $filter .= ' OR ';
        }
        $filter .= "f.name LIKE '%$keyw%' OR f.description LIKE '%$keyw%' ";
        $i++;
    }

The above solution simply adds the addslashes() function. Hope this works.
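
An alternative to escaping, as an added example that is not part of the original post or of oMedia's code: addslashes() is not aware of the connection character set, so the code below builds the same filter with bound parameters and also escapes the LIKE wildcards. The files table and its rows, the in-memory SQLite database (standing in for MySQL) and the function names buildSearchFilter and searchFiles are assumptions made for illustration.

```php
<?php
// Added example, not oMedia code. Table, rows and function names are constructed.

// Build the WHERE fragment with placeholders, plus the values to bind to them.
function buildSearchFilter(array $keywords): array
{
    $clauses = [];
    $params  = [];
    foreach ($keywords as $keyword) {
        // Escape LIKE wildcards ('!' is the escape character) so input matches literally.
        $pattern = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $keyword) . '%';
        $clauses[] = "(f.name LIKE ? ESCAPE '!' OR f.description LIKE ? ESCAPE '!')";
        $params[]  = $pattern;
        $params[]  = $pattern;
    }
    // No keywords: match nothing instead of producing an empty WHERE clause.
    return [$clauses ? implode(' OR ', $clauses) : '0 = 1', $params];
}

function searchFiles(PDO $pdo, array $keywords): array
{
    [$filter, $params] = buildSearchFilter($keywords);
    // $filter contains only fixed SQL text and '?' markers, never user input.
    $stmt = $pdo->prepare("SELECT f.name FROM files f WHERE $filter ORDER BY f.id");
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed in-memory database standing in for the CMS's MySQL tables.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, name TEXT, description TEXT)');
$insert = $pdo->prepare('INSERT INTO files (name, description) VALUES (?, ?)');
$rows = [["holiday.avi", "Summer trip"], ["o'reilly.mp3", "Podcast"],
         ["100%_done.ogg", "Demo"], ["1000.avi", "Clip"]];
foreach ($rows as $row) {
    $insert->execute($row);
}

// A single quote is bound as data, so the statement still parses and runs.
print_r(searchFiles($pdo, ["o'reilly"]));
// '%' in the keyword is matched literally instead of acting as a wildcard.
print_r(searchFiles($pdo, ["100%"]));
```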