antville/antville
antville/antville
1
1
Fork 0
Code Issues 48 Pull requests 17 Projects Releases 9 Wiki Activity Actions 2

Harden search against SQL injection #355

New issue
Closed
opened 2023-03-03 16:54:12 +00:00 by p3k · 0 comments
p3k commented 2023-03-03 16:54:12 +00:00 (Migrated from github.com)
Copy link

SQL database was under “attack” resulting in queries running forever and the corresponding container’s CPU to constantly peak.

The culprit:

SELECT comment.id
FROM content AS COMMENT,
     content AS story,
     site,
     metadata,
     account AS creator,
     account AS modifier
WHERE site.id = 1
  AND comment.prototype = 'Comment'
  AND site.id = comment.site_id
  AND comment.story_id = story.id
  AND story.status in ('public',
                       'shared',
                       'open')
  AND story.comment_mode in ('open')
  AND comment.creator_id = creator.id
  AND comment.modifier_id = modifier.id
  AND creator.status <> 'deleted'
  AND modifier.status <> 'deleted'
  AND comment.prototype = metadata.parent_type
  AND comment.id = metadata.parent_id
  AND metadata.name in ('title',
                        'text')
  //                                    👇
  AND lower(metadata.value) like lower('%')/**/
  AND/**/89/**/LIKE/**/90/**/
  OR/**/1789=1789/**/
  AND/**/('vTSI'/**/LIKE/**/'vTSI%')
GROUP BY comment.id,
         comment.created
ORDER BY comment.created DESC
LIMIT 51

Obviously, I was a bad coder not using prepared statements for the query! 🙀

Anyway, thanks for the heads-up, friendly(?) attacker! 🤗

SQL database was under “attack” resulting in queries running forever and the corresponding container’s CPU to constantly peak. The culprit: ```sql SELECT comment.id FROM content AS COMMENT, content AS story, site, metadata, account AS creator, account AS modifier WHERE site.id = 1 AND comment.prototype = 'Comment' AND site.id = comment.site_id AND comment.story_id = story.id AND story.status in ('public', 'shared', 'open') AND story.comment_mode in ('open') AND comment.creator_id = creator.id AND comment.modifier_id = modifier.id AND creator.status <> 'deleted' AND modifier.status <> 'deleted' AND comment.prototype = metadata.parent_type AND comment.id = metadata.parent_id AND metadata.name in ('title', 'text') // 👇 AND lower(metadata.value) like lower('%')/**/ AND/**/89/**/LIKE/**/90/**/ OR/**/1789=1789/**/ AND/**/('vTSI'/**/LIKE/**/'vTSI%') GROUP BY comment.id, comment.created ORDER BY comment.created DESC LIMIT 51 ``` Obviously, I was a bad coder not using prepared statements for the query! :scream_cat: Anyway, thanks for the heads-up, friendly(?) attacker! :hugs:
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
renovate/com.github.jk1.dependency-license-report-3.x
renovate/uikit-3.x
renovate/gradle-9.x
renovate/major-github-artifact-actions
renovate/actions-checkout-6.x
renovate/org.jsoup-jsoup-1.x
renovate/less-4.x
renovate/generate-license-file-4.x
renovate/alpinejs-3.x
renovate/commonmark-packages
renovate/jsdoc-4.x
refactor_setting_of_root_cookie
renovate/com.h2database-h2-2.x
renovate/codemirror-5.x
renovate/gradle-8.x
renovate/codemirror-6.x
renovate/lock-file-maintenance
codemirror-6
renovate/npm-run-all2-8.x
automatically-set-root-cookie
gh-pages
wiki
feature-blogger.de-upgrade
feature-newspecies
1.6.0
v1.6α
v1.6pre
release-1.5
release-1.4
release-1.3
release-1.2.1
release-1.2
release-1.1
release-1.0
Labels
Clear labels   
antville.org

   
bug

   
compatibility

   
dependency

Pull request that updates a dependency file

  
duplicate

   
enhancement

   
help wanted

   
invalid

   
java

Pull requests that update Java code

  
javascript

Pull requests that update Javascript code

  
major

   
needs feedback

   
needs work

   
no-issue-activity

   
runtime

   
security

   
urgent

   
usability

   
wontfix
No labels
antville.org
bug
compatibility
dependency
duplicate
enhancement
help wanted
invalid
java
javascript
major
needs feedback
needs work
no-issue-activity
runtime
security
urgent
usability
wontfix
Milestone
Clear milestone
No items
No milestone
Release 1.6
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: antville/antville#355
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?