#42493 closed defect (bug) (invalid)
CGI Generic SQL Injection (blind)
| Field | Value |
|---|---|
| Reported by | gediweb |
| Owned by | |
| Milestone | |
| Priority | normal |
| Severity | major |
| Version | 4.8.3 |
| Component | Security |
| Keywords | |
| Focuses | |
| Cc | |
Description
We have Sitelock scanning our website and this is the first time they have given us a warning. I know it says "potentially" but how do I get them to stop giving us this warning? And how do I harden the files so that it does not get attacked?
Here is what I got from them.
Synopsis: A CGI application hosted on the remote web server is potentially prone to SQL injection attack.
Description: By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, SiteLock was able to get a very different response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database.
An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.
Note that this script is experimental and may be prone to false positives.
Solution: Modify the affected CGI scripts so that they properly escape arguments.
Technical Details:
Using the GET HTTP method, SiteLock found that:
+ The following resources may be vulnerable to blind SQL injection:
+ The 'load%5B%5D' parameter of the /wp-admin/load-styles.php CGI:

/wp-admin/load-styles.php?c=1&ver=4.8.3&dir=ltr&load%5B%5D=dashicons%2cbuttons%2cforms%2cl10n%2cloginzz1&ver=4.8.3&dir=ltr&load%5B%5D=dashicons%2cbuttons%2cforms%2cl10n%2cloginyy

-------- output --------
#pass-strength-result,input,textarea{-webkit-box-sizing:border-box [...]
.locale-he-il em,.locale-zh-cn #local-time,.locale-zh-cn #utc-time [...]
#pass-strength-result,input,textarea{-webkit-box-sizing:border-box;-moz-box-sizing:border-box}.meta-box-sortables select,p.submit{max-width:100%}#your-profile label+a,.wp-admin select,fieldset label,label{vertical-align:middle}#pressthis-code-wrap,textarea{overflow:auto}.login h1 a [...]
-------- vs --------
#pass-strength-result,input,textarea{-webkit-box-sizing:border-box [...]
.locale-he-il em,.locale-zh-cn #local-time,.locale-zh-cn #utc-time [...]
------------------------
Change History (5)
#1
@
7 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
- Version 4.8.3 deleted
#2
@
7 years ago
- Resolution invalid deleted
- Severity changed from normal to major
- Status changed from closed to reopened
- Version set to 4.8.3
Hey there @gediweb,
I recommend contacting SiteLock about this issue. Their contact information can be found here: https://www.sitelock.com/
Trac isn't really a place for support, especially in regards to 3rd party systems.
This looks like it's likely a false positive, but have them check anyway. If it is indeed a security issue, please have them report it responsibly here: https://hackerone.com/wordpress.