Welcome, Guest
Username Password: Remember me
Forgot your password? Forgot your username? Create an account
Mobile Joomla!
Mobile Joomla! Forum
Bug reports

Security flaw
(1 viewing) (1) Guest
Reply Topic
New Topic
  • Page:
  • 1
  • 2

TOPIC: Security flaw

Security flaw 12 years, 10 months ago #7070

  • psychmartianmuntopia
  • OFFLINE
  • Fresh Boarder
  • Think Perfection, Think Skilled Soft Solutions
  • Posts: 9
  • Karma: 0
Hi, 
I am a big fan of mobile joomla and I run it on my company's site. However when performing pen testing on the site I found one of the plugin files:

 
plugins/mobile/terawurfl/DatabaseConnectors/TeraWurflDatabase_MySQL5.php


to make it susceptible to SQL injection. This comes because of its error hadnling I will post the errors here but I will prefix the disclosure as
storage path


 
<b>Warning</b>: mysqli::real_escape_string() [<a href='mysqli.real-escape-string'>mysqli.real-escape-string</a>]: Couldn't fetch mysqli in <b>Storagepath/plugins/mobile/terawurfl/DatabaseConnectors/TeraWurflDatabase_MySQL5.php</b> on line <b>537</b><br />



<b>Warning</b>: mysqli::query() [<a href='mysqli.query'>mysqli.query</a>]: Couldn't fetch mysqli in <b>Storagepath/plugins/mobile/terawurfl/DatabaseConnectors/TeraWurflDatabase_MySQL5.php</b> on line <b>353</b><br />



Based on your coding system could you help me debug this file so that it throws exceptions that don't reveal this kind of information. Thanks in advance

<b>Warning</b>: TeraWurflDatabase_MySQL5::getDeviceFromCache() [<a href='terawurfldatabase-mysql5.getdevicefromcache'>terawurfldatabase-mysql5.getdevicefromcache</a>]: Couldn't fetch mysqli in <b>Storagepath/plugins/mobile/terawurfl/DatabaseConnectors/TeraWurflDatabase_MySQL5.php</b> on line <b>354</b><br />
Reply Quote

Re: Security flaw 12 years, 10 months ago #7074

  • dryabov
  • OFFLINE
  • Administrator
  • Denis Ryabov, Lead Developer
  • Posts: 4867
  • Karma: 105
What version of MJ do you use?
Reply Quote

Re: Security flaw 12 years, 10 months ago #7075

  • psychmartianmuntopia
  • OFFLINE
  • Fresh Boarder
  • Think Perfection, Think Skilled Soft Solutions
  • Posts: 9
  • Karma: 0
The Latest one version 1 RC5
Reply Quote

Re: Security flaw 12 years, 10 months ago #7077

  • dryabov
  • OFFLINE
  • Administrator
  • Denis Ryabov, Lead Developer
  • Posts: 4867
  • Karma: 105
I asked you about version because of your line numbers don't correspond to my file. E.g., line 537 is
return $row['value'];
Reply Quote

Re: Security flaw 12 years, 10 months ago #7079

  • psychmartianmuntopia
  • OFFLINE
  • Fresh Boarder
  • Think Perfection, Think Skilled Soft Solutions
  • Posts: 9
  • Karma: 0
okay I think the line in question is the one that does the validation before that: 




 		else if (!is_numeric($value) || $value[0] == '0') $value = "'" . $this->dbcon->real_escape_string($value) . ;
Reply Quote

Re: Security flaw 12 years, 10 months ago #7080

  • psychmartianmuntopia
  • OFFLINE
  • Fresh Boarder
  • Think Perfection, Think Skilled Soft Solutions
  • Posts: 9
  • Karma: 0
sorry wrong line meant line 542
Reply Quote

Re: Security flaw 12 years, 10 months ago #7081

  • psychmartianmuntopia
  • OFFLINE
  • Fresh Boarder
  • Think Perfection, Think Skilled Soft Solutions
  • Posts: 9
  • Karma: 0
The other two are under the get device cache function. i.e 

public function getDeviceFromCache($userAgent){


as from line 359 

I think the thing that would solve the error disclosure would be passing string statements rather than techincal details about the error. That is what I need help with so that I tweak it.
Reply Quote

Re: Security flaw 12 years, 10 months ago #7082

  • dryabov
  • OFFLINE
  • Administrator
  • Denis Ryabov, Lead Developer
  • Posts: 4867
  • Karma: 105
Try this patch:
github.com/mobilejoomla/mobilejoomla/commit/549f19c04f69bfc68def9c27a47dd62b756cd0a1
Reply Quote

Re: Security flaw 12 years, 10 months ago #7083

  • psychmartianmuntopia
  • OFFLINE
  • Fresh Boarder
  • Think Perfection, Think Skilled Soft Solutions
  • Posts: 9
  • Karma: 0
my terawurfl.php file doesn't  seem to have that function. or should i replace the current terawurfl.php?
Reply Quote

Re: Security flaw 12 years, 10 months ago #7084

  • psychmartianmuntopia
  • OFFLINE
  • Fresh Boarder
  • Think Perfection, Think Skilled Soft Solutions
  • Posts: 9
  • Karma: 0
Replaced the terawurfl file with the patched one got another error that it can't redeclare class 
Reply Quote
Reply Topic
New Topic
  • Page:
  • 1
  • 2
Mobile Joomla!
Mobile Joomla! Forum
Bug reports
Powered by Kunena
Time to create page: 0.29 seconds

By continuing to use this site you consent to the use of cookies on your device as described in our cookie policy unless you have disabled them. This site will not function correctly without cookies.

I accept cookies from this site.