
sguil.tk interface sql injections · Issue #54 · bammv/sguil

@buzzdeee

Hi,

When creating an autocat rule with a comment containing a ', I recognized SQL errors.
So, playing with it a little bit, I got an autocat rule added with the following in
the comment field:
TESTTEST','X','2019-01-01','1'); -- \

faking the userid to some other user than myself, for example. Other fields also seem
to be vulnerable, as well as the general query builder. With my limited testing, I didn't
manage to insert additional SQL statements; or at least on security-onion, a union select on mysql.users seems to be prohibited as long as no one has messed with GRANT statements
in the database.

Well, only admins should be able to connect to sguild, so there should be some trust in
them ;)
Have seen this in 0.9.0, as well as 1.0.0.
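The injection described in the report above, as an added illustration that is not part of the original issue and not sguil's own code. sguild is written in Tcl against MySQL; this Python stand-in uses an in-memory SQLite database and a hypothetical autocat table (columns comment, username, timestamp, active, an assumed layout chosen so the reporter's payload lines up, not sguil's real schema). It builds the INSERT by string concatenation the way the report implies, feeds it the reporter's comment payload, and shows that the stored username becomes X and the date 2019-01-01 instead of the caller's own values; a comment containing an ordinary apostrophe produces the syntax error the reporter saw; and the same payload sent through a parameterized query is stored as literal text.

```python
import sqlite3

# Constructed input: the comment string quoted in the report, as a Python literal
# (the trailing backslash needs escaping).
PAYLOAD = "TESTTEST','X','2019-01-01','1'); -- \\"

# Hypothetical table standing in for sguild's autocat storage. The column order
# (comment, username, timestamp, active) is an assumption made so the reporter's
# payload lines up; it is not sguil's actual schema.
SCHEMA = """
CREATE TABLE autocat (
    autocat_id INTEGER PRIMARY KEY AUTOINCREMENT,
    comment    TEXT,
    username   TEXT,
    timestamp  TEXT,
    active     INTEGER
)
"""

INSERT_PREFIX = "INSERT INTO autocat (comment, username, timestamp, active) VALUES "


def fresh_db():
    """In-memory SQLite database with the hypothetical autocat table."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    return con


def insert_autocat_vulnerable(con, comment, username, timestamp):
    """Builds the INSERT by string interpolation, the pattern the report implies.

    executescript() is used so that, as on a MySQL connection, a terminated
    statement followed by a '--' comment is accepted and run exactly as written.
    """
    sql = INSERT_PREFIX + ("('%s', '%s', '%s', '1')" % (comment, username, timestamp))
    con.executescript(sql)
    return sql


def insert_autocat_safe(con, comment, username, timestamp):
    """Same INSERT with bound parameters: the comment can never escape its literal."""
    con.execute(INSERT_PREFIX + "(?, ?, ?, 1)", (comment, username, timestamp))
    con.commit()


def last_rule(con):
    """Returns (comment, username, timestamp, active) of the most recently added rule."""
    return con.execute(
        "SELECT comment, username, timestamp, active FROM autocat "
        "ORDER BY autocat_id DESC LIMIT 1"
    ).fetchone()


def demo_vulnerable():
    """Caller 'alice' submits the payload; the stored row credits user 'X' in 2019.

    The payload closes the comment literal, supplies its own username, timestamp
    and active values, terminates the statement, and comments out the rest.
    """
    con = fresh_db()
    insert_autocat_vulnerable(con, PAYLOAD, "alice", "2024-05-01")
    return last_rule(con)


def demo_apostrophe_error():
    """A harmless comment with an apostrophe breaks the concatenated statement."""
    con = fresh_db()
    try:
        insert_autocat_vulnerable(con, "O'Brien's sensor", "alice", "2024-05-01")
    except sqlite3.OperationalError:
        return True
    return False


def demo_safe():
    """With bound parameters the payload is stored as text and the row stays alice's."""
    con = fresh_db()
    insert_autocat_safe(con, PAYLOAD, "alice", "2024-05-01")
    return last_rule(con)


if __name__ == "__main__":
    print("concatenated SQL stored:", demo_vulnerable())
    print("apostrophe raises a syntax error:", demo_apostrophe_error())
    print("parameterized SQL stored:", demo_safe())
```

The fix on the sguild side is the same as in the parameterized function: pass user-supplied fields to the database driver as bound values (or, where the driver offers no binding, through its quoting function) rather than splicing them into the statement text. Restricting who may connect to sguild limits who can exploit this, but it does not remove the bug: any admin's comment containing an apostrophe will still break the INSERT.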
