HC's Capture the Flag website
25C3-CTF
Advisory #46
From team gongbaojiding
New advisory by: js
Affected service(s): ultrashare
Severity [lmh]: medium
===== Problem =====
In line 210 of db.rb, there is an unescaped use of the variable user.
===== Impact =====
Arbitrary SQL queries can be executed.
===== Fix =====
Change owner='#{user}' to owner=? and append user as a parameter to @db.execute.
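As an added example (not the ultrashare service's own code), the vulnerable and fixed forms of the query side by side, run against a recording stand-in for @db so it works offline, plus a check a reviewer can apply to confirm the SQL text no longer depends on the input; the table and column names (files, name, owner) are assumed.

```ruby
# Added example, not the ultrashare code. Table/column names are assumed.

# Stand-in for the SQLite handle: records each execute call instead of
# running it, so the SQL text and bound parameters can be inspected.
class RecordingDb
  Call = Struct.new(:sql, :params)
  attr_reader :calls

  def initialize
    @calls = []
  end

  def execute(sql, *params)
    call = Call.new(sql, params)
    @calls << call
    call
  end
end

# Vulnerable form (the pattern the advisory describes): user is interpolated
# into the SQL text, so a quote inside it changes the statement's structure.
def owner_lookup_vulnerable(db, user)
  db.execute("SELECT name FROM files WHERE owner='#{user}'")
end

# Fixed form (the advisory's recommendation): a '?' placeholder, with user
# appended as a parameter; the SQL text is constant and the value is bound.
def owner_lookup_fixed(db, user)
  db.execute("SELECT name FROM files WHERE owner=?", user)
end

# Regression check: the SQL text must be identical for a plain value and for
# a value containing a quote (a legitimate name such as o'brien). If the text
# differs, input is reaching the statement itself rather than a bound slot.
def sql_text_stable?(lookup)
  db = RecordingDb.new
  plain = lookup.call(db, "alice").sql
  quoted = lookup.call(db, "o'brien").sql
  plain == quoted
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable stable: #{sql_text_stable?(method(:owner_lookup_vulnerable))}"
  puts "fixed stable:      #{sql_text_stable?(method(:owner_lookup_fixed))}"
end
```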
Rating
[1] Yes! It's a SQL injection