On one of the projects I maintain we had some major penetration testing done, that reveled an issue with the Captcha Image module.

By going to this URL:
https://domain.com/image_captcha?sid%5b0%5d=%7b$%7bprint(md5(whscheck))%7d%7d&sid%5b1%5d=%7b$%7bprint(md5(whscheck))%7d%7d&=78443&ts=1407892707

This is the error we were getting:

PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' '{${print(md5(whscheck))}}'' at line 1: SELECT solution FROM {captcha_sessions} WHERE csid = :csid_0, :csid_1; Array ( [:csid_0] => {${print(md5(whscheck))}} [:csid_1] => {${print(md5(whscheck))}} ) in image_captcha_image() (line 28 of /htdocs/sites/all/modules/captcha/image_captcha/image_captcha.user.inc).
The website encountered an unexpected error. Please try again later.

Patch fixing that will follow in next post.

CommentFileSizeAuthor
#2 captcha-pen_test_fail-2324731-2.patch422 bytesturek
#1 captcha-pen_test_fail-2324731-1.patch424 bytesturek

Comments

turek’s picture

turek commented
StatusFileSize
new captcha-pen_test_fail-2324731-1.patch424 bytes

and a simple patch to get rid of that error...

turek’s picture

turek commented
StatusFileSize
new captcha-pen_test_fail-2324731-2.patch422 bytes

Sorry guys, but the previous patch had an error, this one is correct.

wundo’s picture

wundo commented
Status: Needs review » Fixed

The last patch was also buggy, I fixed myself and committed the fix.

  • wundo committed 9b39e1b on 7.x-1.x 
    Issue #2324731 by Turek, wundo: Prevents PDO error

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.