
Dragonfly possible injection attack

Open aaronrussell opened this issue 7 years ago • 0 comments

The bug tracker on one of our sites is being flooded with requests similar to:

/media/image_path.jpg?style=245x320# UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- ggwd

Resulting in params:

{
  "style": "245x320# UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- ggwd"
}

And is raising an error:

ArgumentError: Didn't recognise the geometry string 245x320# UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- ggwd

I don't think there's an actual security risk here, but would be nice to have someone else review the code. Additionally maybe the style regex can extract the intended parameter more strictly and ignore the rest.

aaronrussell, Apr 24 '17 09:04
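One way to parse the `style` parameter strictly, as the report's last sentence suggests. This is an added Ruby example, not Dragonfly's own code: the geometry grammar is a constructed subset (`WxH` with an optional `#`, `!`, `<` or `>` suffix), and `parse_geometry`, `extract_geometry` and `injection_like?` are hypothetical names.

```ruby
# Anchored with \A and \z so the WHOLE value must be a geometry; trailing
# content such as "# UNION ALL SELECT ..." can never slip past the match.
GEOMETRY_RE = /\A(?<w>\d*)x(?<h>\d*)(?<flag>[#!<>])?\z/

# Strict mode: returns a hash for a valid geometry, nil for anything else.
# Returning nil (rather than raising) lets the caller answer 400 quietly
# instead of filling the bug tracker with ArgumentError reports.
def parse_geometry(style)
  m = GEOMETRY_RE.match(style.to_s)
  return nil unless m
  return nil if m[:w].empty? && m[:h].empty? # "x" alone is not a size
  { width:  m[:w].empty? ? nil : m[:w].to_i,
    height: m[:h].empty? ? nil : m[:h].to_i,
    flag:   m[:flag] }
end

# Lenient mode ("extract the intended parameter and ignore the rest"):
# keep only a leading geometry prefix and hand back whatever followed it,
# so the caller can decide whether to serve the image and/or log the junk.
LEADING_RE = /\A(?<geom>\d*x\d*[#!<>]?)/
def extract_geometry(style)
  s = style.to_s
  m = LEADING_RE.match(s)
  return [nil, s] unless m
  geom = m[:geom]
  [parse_geometry(geom), s[geom.length..-1]]
end

# Trailing content that looks like the probes quoted in this issue
# (SQL keywords or a "--" comment marker); useful for a log line or metric,
# not for deciding whether to serve the request.
def injection_like?(rest)
  !!(rest =~ /\b(union|select|insert|update|delete|drop)\b|--/i)
end

if __FILE__ == $0
  probe = "245x320# UNION ALL SELECT NULL,NULL,NULL-- ggwd"
  p parse_geometry("245x320#")      # {:width=>245, :height=>320, :flag=>"#"}
  p parse_geometry(probe)           # nil (rejected outright)
  geom, rest = extract_geometry(probe)
  p geom                            # the intended 245x320# geometry
  puts "suspicious tail: #{rest.inspect}" if injection_like?(rest)
end
```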