    Security Advisory: ZF2016-02

    ZF2016-02: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select

    The implementation of ORDER BY and GROUP BY in Zend_Db_Select of ZF1 is vulnerable to the following SQL injection:

    $db = Zend_Db::factory(/* options here */);
    $select = new Zend_Db_Select($db);
    $select->from('p');
    $select->order("MD5(\"(\");DELETE FROM p2; #)"); // same with group()
    

    The above $select will render the following SQL statement:

    SELECT `p`.* FROM `p` ORDER BY MD5("");DELETE FROM p2; #) ASC
    

    instead of the correct one:

    SELECT `p`.* FROM `p` ORDER BY "MD5("""");DELETE FROM p2; #)" ASC
    

    This fix can be considered an improvement on the earlier advisory ZF2014-04.

    Action Taken

    We fixed the reported SQL injection by introducing two regular expressions, one for the order() method and one for the group() method of Zend_Db_Select, created as the class constants REGEX_COLUMN_EXPR_ORDER and REGEX_COLUMN_EXPR_GROUP, respectively. Both are defined as:

    /^([\w]+\s*\(([^\(\)]|(?1))*\))$/
    

    This regexp differs from the previous REGEX_COLUMN_EXPR, which used the character pattern [\w]*; we now require at least one word character ([\w]+) before the opening parenthesis, so a bare parenthetical group is no longer accepted as a function expression.
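    The following is an added example, not code from the advisory or from Zend Framework. It feeds the payload from the snippet above, together with a few ordinary column specifications, through the REGEX_COLUMN_EXPR_ORDER pattern quoted above and through a reconstruction of the pre-fix pattern (the advisory states only that the old one used [\w]*; the remainder is assumed identical). The quoteIdentifier() helper is a simplified stand-in for the adapter's identifier quoting (assumed MySQL-style backticks), and renderOrderColumn() models only the decision the advisory describes: a string matching the expression regex is emitted verbatim, anything else is quoted.

```php
<?php
// Added example (not Zend Framework code): shows how the REGEX_COLUMN_EXPR_ORDER
// pattern from ZF 1.12.19 decides whether an order()/group() argument is emitted
// as a raw SQL expression or quoted as an identifier, and why the earlier [\w]*
// variant let the advisory's payload through unquoted.

// Pattern quoted in the advisory (ZF 1.12.19, REGEX_COLUMN_EXPR_ORDER / _GROUP).
const REGEX_COLUMN_EXPR_ORDER = '/^([\w]+\s*\(([^\(\)]|(?1))*\))$/';

// Reconstructed pre-fix pattern: the advisory states only that it used [\w]*
// instead of [\w]+; the rest of the pattern is assumed identical.
const REGEX_COLUMN_EXPR_OLD = '/^([\w]*\s*\(([^\(\)]|(?1))*\))$/';

/**
 * Stand-in for the adapter's quoteIdentifier() (assumption: MySQL-style
 * backtick quoting with embedded backticks doubled). Not the real adapter code.
 */
function quoteIdentifier(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

/**
 * Model of the decision the advisory describes: a specification matching the
 * expression regex is emitted verbatim (treated as a function call), anything
 * else is quoted as a column identifier.
 */
function renderOrderColumn(string $spec, string $regex): string
{
    if (preg_match($regex, $spec) === 1) {
        return $spec;                 // treated as a SQL expression, left unquoted
    }
    return quoteIdentifier($spec);    // treated as a column name, quoted
}

// Constructed inputs: ordinary cases plus the payload from the advisory.
$cases = [
    'name',                            // plain column -> quoted by both patterns
    'MD5(col)',                        // simple function call -> unquoted by both
    'COALESCE(a, MAX(b))',             // nested call, exercises the (?1) recursion
    '(x)',                             // bare parentheses: accepted only by the old pattern
    'MD5("(");DELETE FROM p2; #)',     // advisory payload: accepted only by the old pattern
];

printf("%-32s %-40s %s\n", 'input', 'pre-fix ([\\w]*)', 'ZF 1.12.19 ([\\w]+)');
foreach ($cases as $spec) {
    printf(
        "%-32s %-40s %s\n",
        $spec,
        renderOrderColumn($spec, REGEX_COLUMN_EXPR_OLD),
        renderOrderColumn($spec, REGEX_COLUMN_EXPR_ORDER)
    );
}
```

    The pre-fix column shows why the injection worked: with [\w]* the recursive (?1) group can match a bare `(")`, so the whole payload parses as a function expression and is emitted without quoting. With [\w]+ the inner `(` has no preceding word characters, the recursion fails, and the string falls through to identifier quoting, which is the behaviour the corrected statement above relies on.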

    The patch is available starting in Zend Framework 1.12.19.

    Other Information

    This SQL injection does not affect Zend Framework 2 and 3, because the implementations of Zend\Db\Sql\Select::order() and Zend\Db\Sql\Select::group() do not handle parenthetical expressions.

    Acknowledgments

    The Zend Framework team thanks the following for identifying the issues and working with us to help protect its users:

    • Peter O'Callaghan, who discovered and reported the issue;
    • Enrico Zimuel, who provided the patch.

    Released 2016-07-13

    Have you identified a security vulnerability?

    Please report it to us at [email protected]

    Copyright

    © 2006-2019 by Zend, a Rogue Wave Company. Made with by awesome contributors.