Security flaw

BackMenu
Home
psychmartianmuntopia
12 years, 10 months ago
Hi, 
I am a big fan of mobile joomla and I run it on my company's site. However when performing pen testing on the site I found one of the plugin files:

 
plugins/mobile/terawurfl/DatabaseConnectors/TeraWurflDatabase_MySQL5.php


to make it susceptible to SQL injection. This comes because of its error hadnling I will post the errors here but I will prefix the disclosure as
storage path


 
<b>Warning</b>: mysqli::real_escape_string() [<a href='mysqli.real-escape-string'>mysqli.real-escape-string</a>]: Couldn't fetch mysqli in <b>Storagepath/plugins/mobile/terawurfl/DatabaseConnectors/TeraWurflDatabase_MySQL5.php</b> on line <b>537</b><br />



<b>Warning</b>: mysqli::query() [<a href='mysqli.query'>mysqli.query</a>]: Couldn't fetch mysqli in <b>Storagepath/plugins/mobile/terawurfl/DatabaseConnectors/TeraWurflDatabase_MySQL5.php</b> on line <b>353</b><br />



Based on your coding system could you help me debug this file so that it throws exceptions that don't reveal this kind of information. Thanks in advance

<b>Warning</b>: TeraWurflDatabase_MySQL5::getDeviceFromCache() [<a href='terawurfldatabase-mysql5.getdevicefromcache'>terawurfldatabase-mysql5.getdevicefromcache</a>]: Couldn't fetch mysqli in <b>Storagepath/plugins/mobile/terawurfl/DatabaseConnectors/TeraWurflDatabase_MySQL5.php</b> on line <b>354</b><br />
dryabov
12 years, 10 months ago
What version of MJ do you use?
psychmartianmuntopia
12 years, 10 months ago
The Latest one version 1 RC5
dryabov
12 years, 10 months ago
I asked you about version because of your line numbers don't correspond to my file. E.g., line 537 is
return $row['value'];
psychmartianmuntopia
12 years, 10 months ago
okay I think the line in question is the one that does the validation before that: 




 		else if (!is_numeric($value) || $value[0] == '0') $value = "'" . $this->dbcon->real_escape_string($value) . ;
psychmartianmuntopia
12 years, 10 months ago
sorry wrong line meant line 542
psychmartianmuntopia
12 years, 10 months ago
The other two are under the get device cache function. i.e 

public function getDeviceFromCache($userAgent){


as from line 359 

I think the thing that would solve the error disclosure would be passing string statements rather than techincal details about the error. That is what I need help with so that I tweak it.
psychmartianmuntopia
12 years, 10 months ago
my terawurfl.php file doesn't  seem to have that function. or should i replace the current terawurfl.php?
psychmartianmuntopia
12 years, 10 months ago
Replaced the terawurfl file with the patched one got another error that it can't redeclare class 
1

By continuing to use this site you consent to the use of cookies on your device as described in our cookie policy unless you have disabled them. This site will not function correctly without cookies.

I accept cookies from this site.