Fix sql injection in sql-admin-manager plugin
This bug was found as part of justCTF 2020 in the PainterHell challenge by cypis. Thank you! Admins with the root flag could inject their own queries into the admin database connection. The sql-admin-manager plugin is disabled by default.
parent
a615c139e6
commit
91a1fd074b
@ -789,7 +789,7 @@ public Action Command_AddAdmin(int client, int args)
|
|||||||
|
|
||||||
DBResultSet rs;
|
DBResultSet rs;
|
||||||
|
|
||||||
Format(query, sizeof(query), "SELECT id FROM sm_admins WHERE authtype = '%s' AND identity = '%s'", authtype, identity);
|
Format(query, sizeof(query), "SELECT id FROM sm_admins WHERE authtype = '%s' AND identity = '%s'", authtype, safe_identity);
|
||||||
if ((rs = SQL_Query(db, query)) == null)
|
if ((rs = SQL_Query(db, query)) == null)
|
||||||
{
|
{
|
||||||
return DoError(client, db, query, "Admin retrieval query failed");
|
return DoError(client, db, query, "Admin retrieval query failed");
|
||||||
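Review bot: The rewritten Format call on the new side escapes only `identity`; `authtype` is still interpolated raw into the same query string, so this hunk is only safe if `authtype` has already been restricted to a fixed set of values earlier in Command_AddAdmin, which is outside the hunk and should be confirmed. Where `safe_identity` is produced (also outside the hunk), the escaping call's boolean result needs to be checked, since a buffer that is too small leaves a truncated value; a `SQL_PrepareQuery` statement with bound parameters would remove the dependence on escaping altogether. If other queries in this plugin build SQL from the same arguments, they need the same treatment. Command_AddAdmin begins and ends outside the hunk.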
|