Ticket #592 (closed defect: fixed)

Opened 5 years ago

Last modified 5 years ago

http://bbpress.org/forums/bb-edit.php improperly filtered input

Reported by: chrishajer
Owned by:
Priority: high
Milestone:
Component: Back-end
Version: 0.8
Severity: major
Keywords:
Cc:

Description

I was adding a new topic at bbpress.org/forums and used the <pre> tag in my post (which is not allowed, but blockquote does not set the text apart at all.) It resulted in a MySQL error that appears to be unfiltered input or a possible SQL injection.

Here are the steps.

  1. I started a new topic.
  2. Went to edit the post because I did not like the way the <blockquote> was styled (i.e. not indented) so I tried the <pre> tag. Not sure if I can add attachments here, but if I can, it is called post-submission-bbpress.txt. That is the text that was submitted after editing.
  3. I got the attached error after editing that post:
       1. error-text-bbpress.txt is a copy of the text displayed in the browser
       2. error-source-bbpress.txt is the source of the above page
       3. sql-error-bbpress.png is a screenshot of the browser window without the chrome

I did not try to exploit it further. I know just enough about SQL injection to know that this shouldn't happen :)

Attachments

  • post-submission-bbpress.txt (715 bytes) - added by chrishajer 5 years ago.
  • error-text-bbpress.txt (920 bytes) - added by chrishajer 5 years ago.
  • error-source-bbpress.txt (1.2 KB) - added by chrishajer 5 years ago.
  • sql-error-bbbpress.png (12.6 KB) - added by chrishajer 5 years ago.

Change History

  • Component changed from Front-end to Back-end
  • Status changed from new to closed
  • Resolution set to fixed

(In [717]) quirky slashes bug. Fixes #592
