Community
Participate
Working Groups
Url :http://eclipse.org/membership/showMember.php?member_id=(select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) Vuln Parameter Name: member_id Vuln Parameter Type: Querystring Attack Pattern: (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) Vulnerability Details {PROBLEM} identified a probable SQL injection, which occurs when data input by a user is interpreted as an SQL command rather than as normal data by the backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Even though I believe there is a SQL injection in here, it could not confirm it. There can be numerous reasons for i am not being able to confirm this. I strongly recommend investigating the issue manually to ensure it is an SQL injection and that it needs to be addressed. You can also consider sending the details of this issue to us so i can address this issue for the next time and give you a more precise result. Impact Depending on the backend database, database connection settings and the operating system, an attacker can mount one or more of the following type of attacks successfully: Reading, updating and deleting arbitrary data/tables from the database. Executing commands on the underlying operating system. Actions to Take See the remedy for solution. If you are not using a database access layer (DAL) within the architecture consider its benefits and implement if appropriate. As a minimum the use of s DAL will help centralize the issue and its resolution. You can also use ORM (object relational mapping). Most ORM systems use parameterized queries and this can solve many if not all SQL injection based problems. Locate all of the dynamically generated SQL queries and convert them to parameterized queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries.) Monitor and review weblogs and application logs to uncover active or previous exploitation attempts. Remedy A very robust method for mitigating the threat of SQL injection-based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation. Required Skills for Successful Exploitation There are numerous freely available tools to test for SQL injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL injection is one of the most common web application vulnerabilities
Moving to Community > Website
I've fixed this, and all the show* pages in Membership. There was some sanitizing being done, however in this case, it's best to simply filter for an integer and discard everything else. Thanks for reporting.
Thanks alot. I will be reporting some more vulnerabilities as well. Hope i get some bounty from you
> Hope i get some bounty from you While we greatly appreciate reporting these issues, please bear in mind that Eclipse is an open source community. We give away quality software for free. We do not have a bounty program. I am sorry. If financial compensation is the ultimate goal, it would likely be better to focus attention on those sites that have a bounty program. For an open source community, filing bugs is part of "giving back". I hope you agree.
For a security researcher like me. We vow to make the internet a safer place. Bounty or not i will still play my part as one. And yes i agree