SQL Injection
mikemda opened this issue · 0 comments
Hi,
Recently I was reviewing some code that contained an SQL injection vulnerability which I believe originates from the use of alphabetical_paginate.
The code they used looked like:
@users, @sorting_params = @users.alpha_paginate(
params[:startletter],
ALPHABETICAL_PAGINATE_CONFIG,
&:name
)
The injection was happening via
http://somesite.com/users?startletter=G
By passing
G' or 1='1
as the value of startletter, it was possible to return all objects.
I think the fix should be to only take the first character, rather than the full string.
Feel free to contact me if you require further information.
Kind Regards
Mike
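The failure mode described above, modelled as an added example (this is not the gem's code, and the gem's real SQL is not shown in the report): a naive first-letter filter that interpolates the raw `startletter` parameter into a `LIKE` pattern, beside the hardened form the report suggests, which keeps only the first character, requires it to be a letter, and hands it to the driver as a bound parameter in the `["sql", [binds]]` shape ActiveRecord's `where` accepts. The `WHERE name LIKE 'X%'` shape is an assumption.

```ruby
# Vulnerable model of the filter: the request parameter lands inside the
# quoted LIKE pattern, so a quote in the value rewrites the WHERE clause.
def vulnerable_where(start_letter)
  "name LIKE '#{start_letter}%'"
end

# Hardened: truncate to one character and whitelist it as a letter.
# Returns nil for anything that is not a single ASCII letter.
def safe_start_letter(param)
  first = param.to_s[0, 1]
  return nil unless first =~ /\A[A-Za-z]\z/
  first.upcase
end

# Hardened filter as a parameterised fragment: the letter travels as a bind
# value, never as part of the SQL text. An absent or invalid parameter
# yields a no-op condition instead of an error (a design choice here).
def safe_where(param)
  letter = safe_start_letter(param)
  return ["1=1", []] if letter.nil?
  ["name LIKE ?", ["#{letter}%"]]
end

# Detection hint for request logs: a legitimate startletter is exactly one
# letter, so anything else is worth flagging before it reaches the query.
def suspicious_startletter?(param)
  !(param.to_s =~ /\A[A-Za-z]\z/)
end

if __FILE__ == $0
  payload = "G' or 1='1"  # the value quoted in the report
  puts vulnerable_where(payload)   # the quote escapes the pattern
  p safe_where(payload)            # ["name LIKE ?", ["G%"]]
  p suspicious_startletter?(payload)
end
```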