• <meter id="wevui"><menuitem id="wevui"><acronym id="wevui"></acronym></menuitem></meter>
    <wbr id="wevui"><code id="wevui"></code></wbr>

    1. 
      
      <code id="wevui"></code><blockquote id="wevui"><ruby id="wevui"><kbd id="wevui"></kbd></ruby></blockquote>
      <output id="wevui"><sup id="wevui"><li id="wevui"></li></sup></output><big id="wevui"></big>

          Security

          Security Advisory: ZF2016-02

          ZF2016-02: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select

          The implementation of ORDER BY and GROUP BY in Zend_Db_Select of ZF1 is vulnerable by the following SQL injection:

          $db = Zend_Db::factory(/* options here */);
          $select = new Zend_Db_Select($db);
          $select->from('p');
          $select->order("MD5(\"(\");DELETE FROM p2; #)"); // same with group()
          

          The above $select will render the following SQL statement:

          SELECT `p`.* FROM `p` ORDER BY MD5("");DELETE FROM p2; #) ASC
          

          instead of the correct one:

          SELECT `p`.* FROM `p` ORDER BY "MD5("""");DELETE FROM p2; #)" ASC
          

          This security fix can be considered as an improvement of the previous ZF2014-04.

          Action Taken

          We fixed the reported SQL injection using two regular expressions for the order() and the group() methods in Zend_Db_Select, created as the class constants REGEX_COLUMN_EXPR_ORDER and REGEX_COLUMN_EXPR_GROUP, respectively. These are defined as:

          /^([\w]+\s*\(([^\(\)]|(?1))*\))$/
          

          This regexp is different from the previous REGEX_COLUMN_EXPR, which used the character patterm [\w]*; we now require at least one word boundary ([\w]+).

          The patch is available starting in Zend Framework 1.12.19.

          Other Information

          This SQL injection attack does not affect Zend Framework 2 and 3 versions because the implementations of Zend\Db\Sql\Select::order() and Zend\Db\Sql\Select::group() do not manage parenthetical expressions.

          Acknowledgments

          The Zend Framework team thanks the following for identifying the issues and working with us to help protect its users:

          • Peter O'Callaghan, who discovered and reported the issue;
          • Enrico Zimuel, who provided the patch.

          Released 2016-07-13

          Back to advisories

          Have you identified a security vulnerability?

          Please report it to us at [email protected]

          Copyright

          © 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

          This website is built using zend-expressive and it runs on PHP 7.

          Contacts

          安徽快三走势图表
        1. <meter id="wevui"><menuitem id="wevui"><acronym id="wevui"></acronym></menuitem></meter>
          <wbr id="wevui"><code id="wevui"></code></wbr>

          1. 
            
            <code id="wevui"></code><blockquote id="wevui"><ruby id="wevui"><kbd id="wevui"></kbd></ruby></blockquote>
            <output id="wevui"><sup id="wevui"><li id="wevui"></li></sup></output><big id="wevui"></big>

              1. <meter id="wevui"><menuitem id="wevui"><acronym id="wevui"></acronym></menuitem></meter>
                <wbr id="wevui"><code id="wevui"></code></wbr>

                1. 
                  
                  <code id="wevui"></code><blockquote id="wevui"><ruby id="wevui"><kbd id="wevui"></kbd></ruby></blockquote>
                  <output id="wevui"><sup id="wevui"><li id="wevui"></li></sup></output><big id="wevui"></big>