
CGI Generic SQL Injection (blind) #13887

Closed
maquisard opened this issue Dec 19, 2018 · 1 comment
Labels
answered For when a question was asked and we referred to forum or answered it.

Comments

@maquisard

maquisard commented Dec 19, 2018

I have deployed Matomo on our server and am trying to use it with our research project. However, the security scan from our IT team reveals the following and I do not know how to fix it:
https://www.tenable.com/plugins/nessus/42424
For more details:
Using the GET HTTP method, Nessus found that :

+ The following resources may be vulnerable to blind SQL injection :

+ The 'module' parameter of the / CGI :

/?form_password_bis=&form_rememberme=1&action=resetPassword&form_login=&
form_nonce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=&module=Loginz
z&form_rememberme=1&action=resetPassword&form_login=&form_nonce=920b32d3
daaac6cbd0d13a7d7ba242ba&form_password=&module=Loginyy

-------- output --------



-------- vs --------
<!DOCTYPE html>
<html>
<head>
------------------------

+ The 'action' parameter of the / CGI :

/?form_password_bis=&module=Login&form_rememberme=1&form_login=&form_non
ce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=&action=resetPasswordz
z&module=Login&form_rememberme=1&form_login=&form_nonce=920b32d3daaac6cb
d0d13a7d7ba242ba&form_password=&action=resetPasswordyy

-------- output --------



-------- vs --------
<!DOCTYPE html>
<html>
<head>
------------------------

+ The 'module' parameter of the /index.php CGI :

/index.php?form_password=&form_rememberme=1&form_password_bis=&action=ge
tCss&cb=162e00e057819d2d2a4ea3eabdf3ae8a&form_login=&form_nonce=920b32d3
daaac6cbd0d13a7d7ba242ba&module=Proxyzz&form_rememberme=1&form_password_
bis=&action=getCss&cb=162e00e057819d2d2a4ea3eabdf3ae8a&form_login=&form_
nonce=920b32d3daaac6cbd0d13a7d7ba242ba&module=Proxyyy

-------- output --------
/* compile_me_once=dc278d4d511b826867ed0f08395edd6a */
/* Matomo CSS file is compiled with Less. You may be interested in [...]
/*!
-------- vs --------
<!DOCTYPE html>
<html>
<head>
------------------------


Using the POST HTTP method, Nessus found that :

+ The following resources may be vulnerable to blind SQL injection :

+ The 'form_login' parameter of the / CGI :

/ [form_password_bis=&module=Login&form_rememberme=1&action=resetPasswor
d&form_nonce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=&form_login=
zz&module=Login&form_rememberme=1&action=resetPassword&form_nonce=920b32
d3daaac6cbd0d13a7d7ba242ba&form_password=&form_login=yy]

-------- output --------
noclear="true"
context="error">
<strong>Error</strong>: Username or Email required
<br/>
<strong>Error</strong>: Password required
-------- vs --------
noclear="true"
context="error">
<strong>Error</strong>: Password required
<br/>
<strong>Error</strong>: Password (repeat) required
------------------------

+ The 'form_password' parameter of the / CGI :

/ [form_password_bis=&module=Login&form_rememberme=1&action=resetPasswor
d&form_login=&form_nonce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=
zz&module=Login&form_rememberme=1&action=resetPassword&form_login=&form_
nonce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=yy]

-------- output --------
<strong>Error</strong>: Username or Email required
<br/>
<strong>Error</strong>: Password required
<br/>
<strong>Error</strong>: Password (repeat) required
-------- vs --------
<strong>Error</strong>: Username or Email required
<br/>
<strong>Error</strong>: Password (repeat) required
<br/>
</div>
------------------------

/ [form_password_bis=&module=Login&form_rememberme=1&action=resetPasswor
d&form_login=&form_nonce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=
zz&module=Login&form_rememberme=1&action=resetPassword&form_login=&form_
nonce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=yy] {2}

-------- output --------
<strong>Error</strong>: Username or Email required
<br/>
<strong>Error</strong>: Password required
<br/>
<strong>Error</strong>: Password (repeat) required
-------- vs --------
<strong>Error</strong>: Username or Email required
<br/>
<strong>Error</strong>: Password (repeat) required
<br/>
</div>
------------------------
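Added example (not part of this issue and not Matomo's code): a small Python triage script that parses findings in the layout the Nessus plugin 42424 report above uses and checks whether the two response excerpts the scanner compared differ only in Matomo's "field required" validation messages. The sample block is the POST `form_login` finding and the GET `/index.php` `module` finding copied from the report above, with the request URLs trimmed; the regular expressions assume that report layout and the `<strong>Error</strong>: ... required` message format seen in the excerpts.

```python
import re

# Two findings copied from the Nessus plugin 42424 output quoted in this issue
# (the POST 'form_login' finding and the GET 'module' finding on /index.php);
# the request URLs between the header and the output markers were trimmed.
REPORT = """\
+ The 'form_login' parameter of the / CGI :

-------- output --------
noclear="true"
context="error">
<strong>Error</strong>: Username or Email required
<br/>
<strong>Error</strong>: Password required
-------- vs --------
noclear="true"
context="error">
<strong>Error</strong>: Password required
<br/>
<strong>Error</strong>: Password (repeat) required
------------------------

+ The 'module' parameter of the /index.php CGI :

-------- output --------
/* compile_me_once=dc278d4d511b826867ed0f08395edd6a */
/* Matomo CSS file is compiled with Less. You may be interested in [...]
/*!
-------- vs --------
<!DOCTYPE html>
<html>
<head>
------------------------
"""

# Layout of one finding as it appears in the report above (assumed to be the
# same for every finding): a header line, then the two response excerpts the
# scanner compared, delimited by the 'output' / 'vs' markers and a 24-dash line.
FINDING_RE = re.compile(
    r"\+ The '(?P<param>[^']+)' parameter of the (?P<cgi>\S+) CGI :"
    r".*?-------- output --------\n(?P<a>.*?)\n-------- vs --------\n(?P<b>.*?)\n-{24}\n",
    re.S,
)

# Matomo's own "required field" validation messages, as seen in the excerpts.
VALIDATION_RE = re.compile(r"<strong>Error</strong>: .+ required$")


def classify(a: str, b: str) -> dict:
    """Compare the two excerpts line by line and explain what differs."""
    a_lines, b_lines = a.splitlines(), b.splitlines()
    only_in_a = [line for line in a_lines if line not in b_lines]
    only_in_b = [line for line in b_lines if line not in a_lines]
    differing = only_in_a + only_in_b
    if not differing:
        verdict = "identical_responses"
    elif all(VALIDATION_RE.match(line) for line in differing):
        # Every differing line is a 'field required' message: the probe value
        # only changed which form fields were empty, so the form validator,
        # not a database query, produced the difference.
        verdict = "validation_messages_only"
    else:
        verdict = "unexplained_difference"
    return {"verdict": verdict, "only_in_a": only_in_a, "only_in_b": only_in_b}


def triage_report(text: str) -> list:
    """Parse every finding in a plugin-42424 style block and classify each one."""
    findings = []
    for m in FINDING_RE.finditer(text):
        result = classify(m.group("a"), m.group("b"))
        result.update(param=m.group("param"), cgi=m.group("cgi"))
        findings.append(result)
    return findings


if __name__ == "__main__":
    for f in triage_report(REPORT):
        print(f"{f['cgi']} param={f['param']}: {f['verdict']}")
        for line in f["only_in_a"]:
            print("  only in first response :", line)
        for line in f["only_in_b"]:
            print("  only in second response:", line)
```

The first finding comes back as `validation_messages_only`: each of the scanner's two probes leaves a different form field non-empty, so the reset-password form reports a different set of missing fields, and nothing in the excerpt involves a query. The CSS-versus-HTML difference in the second finding cannot be explained from the excerpt alone; that is the one to check against the full responses when documenting the false positive for the IT team.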

@tsteur
Member

tsteur commented Dec 19, 2018

These look like false positives. If you do find any concrete issues, feel free to get in touch through our email on https://matomo.org/security/

@tsteur tsteur closed this as completed Dec 19, 2018
@tsteur tsteur added the answered For when a question was asked and we referred to forum or answered it. label Dec 19, 2018