Sec Bug #78558 Information Exposure Through an Error Message
Submitted: 2019-09-18 10:25 UTC Modified: 2019-09-18 12:46 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: aboud dot deek at gmail dot com Assigned: cmb (profile)
Status: Closed Package: Website problem
PHP Version: 7.4.0RC1 OS: mac os
Private report: No CVE-ID: None
 [2019-09-18 10:25 UTC] aboud dot deek at gmail dot com
Description:
------------
When the parameter (bug_type) is made an array, an SQL error is output.

When [] is added to most parameters on **bugs.php.net**, it gives us an SQL error.

PoC:

https://bugs.php.net/search.php?search_for%5B%5D=&boolean=0&limit=30&order_by=&direction=DESC&cmd=display&status=Open&bug_type=here reflect&project=All&php_os=&phpver=&cve_id=&assign%5B%5D=&author_email=&bug_age=0&bug_updated=0&commented_by=


https://bugs.php.net/search.php?limit=30&order_by=id&direction=DESC&cmd=display&status=Open&bug_type%5Bhereeeeeee%5D=All




Expected result:
----------------
The parameter (bug_type=) is reflected, and it is possible that a hacker can analyze the query and bypass the protection.


If a hacker can bypass the filter or protection, they will have SQL injection and XSS.

https://cwe.mitre.org/data/definitions/209.html


 [2019-09-18 11:06 UTC] cmb@php.net
-Type: Bug +Type: Security -Private report: No +Private report: Yes
 [2019-09-18 11:28 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2019-09-18 11:28 UTC] cmb@php.net
I have committed a fix:
<http://git.php.net/?p=web/bugs.git;a=commit;h=257c114b05462d5d65ee6efffabd28ad59889b69>.
It will take a while until this goes live.
 [2019-09-18 12:46 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2019-09-18 12:46 UTC] cmb@php.net
Well, this has already been fixed with
<http://git.php.net/?p=web/bugs.git;a=commit;h=ce9c82af403508804a1240f75c0d79940820b79c>.

Thanks for reporting!
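
One way to handle the parameter shapes from the report, added here as an example and not the code from the commits linked above (their content is not shown on this page). The function, table and column names are hypothetical, and the in-memory SQLite database is constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not the bugs.php.net source. Function, table and column
// names are hypothetical; the SQLite database is constructed for the demo.

// PHP parses `bug_type[]=x` and `bug_type[key]=x` into arrays. Accept a
// parameter only when it arrived as a plain string.
function scalarParam(array $query, string $name, string $default): string
{
    $value = $query[$name] ?? $default;
    return is_string($value) ? $value : $default;
}

// Bind the value in a prepared statement. On a database failure, log the
// detail server-side and give the client a fixed message, never the
// driver's error text or the query.
function searchBugs(PDO $db, array $query): array
{
    $bugType = scalarParam($query, 'bug_type', 'All');
    try {
        $stmt = $db->prepare(
            "SELECT id, summary FROM bugs WHERE :all = 'All' OR bug_type = :type"
        );
        $stmt->execute([':all' => $bugType, ':type' => $bugType]);
        return ['error' => null, 'rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
    } catch (PDOException $e) {
        error_log('bug search failed: ' . $e->getMessage());
        return ['error' => 'Search failed.', 'rows' => []];
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bugs (id INTEGER, summary TEXT, bug_type TEXT)');
$db->exec("INSERT INTO bugs VALUES (1, 'constructed row', 'Bug'), (2, 'constructed row 2', 'Security')");

// Same parameter shape as the second URL in the report, plus a normal one.
parse_str('status=Open&bug_type%5Bhereeeeeee%5D=All', $arrayForm);
parse_str('status=Open&bug_type=Security', $scalarForm);

var_dump(count(searchBugs($db, $arrayForm)['rows']));  // array form ignored, default 'All' used
var_dump(count(searchBugs($db, $scalarForm)['rows'])); // filtered by the scalar value
```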
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 12:01:30 2024 UTC