Headline
CVE-2014-125046: Added protection from sql injection and dubug flag · Seiji42/cub-scout-tracker@b4bc1a3
A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The name of the patch is b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551.
@@ -20,69 +20,79 @@ function hashPassword(password) return hash; }
function selectAdult(username, connection) function insertAdult(firstName, lastName, username, password, packNumber, leaderType, rankType, phoneNumber, connection) { var strQuery = “SELECT * FROM adult WHERE username= '” +connection.escape(username)+"’"; var temp= selectAdult(username, connection);
if(temp.databaseObject.adult_id<1) { return temp; } var strQuery = “INSERT INTO adult VALUES('"+ connection.escape(firstName) +"’, '"+ connection.escape(lastName) +"’, '"+ connection.escape(username) +"’, '"+ connection.escape(hashPassword(password)) +"’, '"+ connection.escape(packNumber) +"’, '"+ connection.escape(leaderType) +"’, '"+ connection.escape(rankType) +"’, '"+ connection.escape(phoneNumber) +"’, ‘NULL’)“;
connection.query( strQuery, function(err, rows) {if(err) { throw err; }else{ temp= rows[0]; temp.password=""; temp= new Adult(row[0]); if(debug) {console.log(“SelectAdult \n"+rows[0]+"\n”);} return temp; {console.log(“insertAdult \n"+rows[0]+"\n”);}
return addScoutsToParent(temp); } }); }
function validateAdult(username, password, connection) function selectAdult(username, connection) { var strQuery = “SELECT * FROM adult WHERE username= '” +connection.escape(username)+"’” +"AND password= '” + hashPassword(password)+"’"; var strQuery = “SELECT * FROM adult WHERE username= '” +connection.escape(username)+"’";
connection.query( strQuery, function(err, rows) {if(err) { throw err; }else{ temp= rows[0]; temp.password="";
if(debug) {console.log(“validateAdult \n"+rows[0]+"\n”);} {console.log(“SelectAdult \n"+rows[0]+"\n”);}
return temp; } }); }
function insertAdult(firstName, lastName, username, password, packNumber, leaderType, rankType, phoneNumber, connection) function validateAdult(username, password, connection) { var temp= selectAdult(username, connection); var strQuery = “SELECT * FROM adult WHERE username= '” + connection.escape(username)+"’" +"AND password= '" + connection.escape(hashPassword(password))+"’";
if(temp.databaseObject.adult_id<1) { return temp; } var strQuery = "INSERT INTO adult VALUES('"+firstName+"’, '"+lastName+"’, '"+ username + “’, '” +hashPassword(password) + “’, '” + packNumber+"’, '"+ leaderType +"’, '"+ rankType+"’, '"+phoneNumber+ "’, ‘NULL’)"; connection.query( strQuery, function(err, rows) {if(err) { throw err; }else{ temp= new Adult(row[0]); temp= rows[0]; temp.password="";
if(debug) {console.log(“insertAdult \n"+rows[0]+"\n”);} return addScoutsToParent(temp); {console.log(“validateAdult \n"+rows[0]+"\n”);}
return temp; } }); }
function updateAdult(firstName, lastName, username, password, packNumber, leaderType, rankType, phoneNumber,adultID, connection) { @@ -94,26 +104,37 @@ function updateAdult(firstName, lastName, username, password, packNumber, leaderType, rankType, phoneNumber,-1); return temp; } var strQuery = "UPDATE adult SET first_name="+firstName+", last_name="+lastName+", username="+ username + “, password=” +hashPassword(password) + “, pack_number=” + packNumber+", leader_type="+ leaderType +", rank_type="+ rankType+", phone_number="+phoneNumber+ "WHERE adult_id="+id; var strQuery = "UPDATE adult SET "+ “first_name=” +connection.escape(firstName) + “, last_name=” +connection.escape(lastName) + “, username=” +connection.escape(username) + “, password=” +connection.escape(hashPassword(password))+ “, pack_number=” +connection.escape(packNumber) + “, leader_type=” +connection.escape(leaderType) + “, rank_type=” +connection.escape(rankType) + ", phone_number="+connection.escape(phoneNumber) + "WHERE adult_id="+connection.escape(id); connection.query( strQuery, function(err, rows) {if(err) { throw err; }else{ temp= new Adult(row[0]); if(debug) {console.log(“UpdateAdult \n"+rows[0]+"\n”);}
return addScoutsToParent(temp); } }); }
function insertAchievement(name, description, categoryID, numElectives, connection) { var strQuery = “INSERT INTO achievement VALUES('"+name+"’, '” + description + “’, '” + categoryID +"’, '"+ numElectives+ "’, ‘NULL’)"; var strQuery = "INSERT INTO achievement VALUES('"+ connection.escape(name) +"’, '"+ connection.escape(description) +"’, '"+ connection.escape(categoryID) +"’, '"+ connection.escape(numElectives) +"’, ‘NULL’)";
connection.query( strQuery, function(err, rows) {if(err) { throw err; @@ -127,8 +148,12 @@ function insertAchievement(name, description, categoryID, numElectives, connecti
function insertCategory(name, description, rankID, numAchievments, connection) { var strQuery = “INSERT INTO category VALUES('"+name+"’, '” + description + “’, '” + rankID+"’, '"+numAchievments+ "’, ‘NULL’)"; var strQuery = "INSERT INTO category VALUES('"+ connection.escape(name) +"’, '"+ connection.escape(description) +"’, '"+ connection.escape(rankID) +"’, '"+ connection.escape(numAchievments) +"’, ‘NULL’)";
connection.query( strQuery, function(err, rows) {if(err) { throw err; @@ -142,7 +167,9 @@ function insertCategory(name, description, rankID, numAchievments, connection)
function insertRank(name, description, connection) { var strQuery = “INSERT INTO rank VALUES('"+name+"’, '” + description + "’, ‘NULL’)"; var strQuery = "INSERT INTO rank VALUES('"+ connection.escape(name) +"’, '"+ connection.escape(description) +"’, ‘NULL’)";
connection.query( strQuery, function(err, rows) {if(err) { @@ -158,8 +185,11 @@ function insertRank(name, description, connection) function insertRecord(recordRankType, dateDone,requirementID, scoutID, connection) { var strQuery = “INSERT INTO record VALUES('"+recordRankType+"’, '” + dateDone + “’, '” +requirementID+"’, '"+scoutID+"’, ‘NULL’)"; var strQuery = "INSERT INTO record VALUES('"+ connection.escape(recordRankType) +"’, '"+ connection.escape(dateDone) +"’, '"+ connection.escape(requirementID) +"’, '"+ connection.escape(scoutID) +"’, ‘NULL’)";
connection.query( strQuery, function(err, rows) {if(err) { @@ -174,8 +204,12 @@ function insertRecord(recordRankType, dateDone,requirementID,
function insertRequirement(name, description, achievementID, reqElec, connection) { var strQuery = “INSERT INTO requirement VALUES('"+name+"’, '” + description + “’, '” + achievementID+"’, '"+reqElec+ "’, ‘NULL’)“; var strQuery = “INSERT INTO requirement VALUES('"+ connection.escape(name) +"’, '” + connection.escape(description) +"’, '” + connection.escape(achievementID) +"’, '"+ connection.escape(reqElec) +"’, ‘NULL’)";
connection.query( strQuery, function(err, rows) {if(err) { throw err; @@ -190,8 +224,15 @@ function insertRequirement(name, description, achievementID, reqElec, connection function insertScout(firstName, lastName, birthDate, packNumber, rankType, parentID, leaderID, connection) { var strQuery = “INSERT INTO scout VALUES('"+firstName+"’, '” +lastName+"’, '"+ birthDate + “’, '” + packNumber + "’, '"+ rankType+"’, '"+parentID+", "+leaderID+"’, ‘NULL’)"; var strQuery = "INSERT INTO scout VALUES('"+ connection.escape(firstName) +"’, '"+ connection.escape(lastName) +"’, '"+ connection.escape(birthDate) +"’, '"+ connection.escape(packNumber) +"’, '"+ connection.escape(rankType) +"’, '"+ connection.escape(parentID) +"’, '"+ connection.escape(leaderID) +"’, ‘NULL’)";
connection.query( strQuery, function(err, rows) {if(err) { throw err; @@ -204,11 +245,17 @@ function insertScout(firstName, lastName, birthDate, }
function updateScout(firstName, lastName, birthDate,packNumber, rankType, parentID, leaderID, scoutID, connection) rankType, parentID, leaderID, scoutID, connection) { var strQuery = “UPDATE scout SET first_name="+firstName+", last_name="+lastName+", birth_date="+ + “, pack_number=” + + “, rank_type=” + packNumber+", parent_id="+ leaderType +", leader_id="+ rankType+” WHERE scout_id="+id; var strQuery = "UPDATE scout SET "+ “first_name=” +connection.escape(firstName) + “, last_name=” +connection.escape(lastName) + “, birth_date=” +connection.escape(birthdate) + “, pack_number=” +connection.escape(packNumber) + “, rank_type=” + connection.escape(rankType) + “, parent_id=” +connection.escape(parentID) + “, leader_id=” + connection.escape(leaderID) + " WHERE scout_id="+connection.escape(id); connection.query( strQuery, function(err, rows) {if(err) { throw err; @@ -222,7 +269,7 @@ function updateScout(firstName, lastName, birthDate,packNumber,
function addScoutsToParent(adult, connection) { var strQuery = “SELECT * FROM scout WHERE parent_id= '” +adult.rowID+"’"; var strQuery = “SELECT * FROM scout WHERE parent_id= '” +connection.escape(adult.rowID)+"’";
connection.query( strQuery, function(err, rows) {if(err) {