To duplicate the error, you just need to make an error in any MySQL query and look up the HTTP status code in Chrome or any other tool (https://httpstatus.io/).
The status code should be just: Error 500
Joomla shows the entire MySQL query:
Status Code:500 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?option=com_users&view=profile' at line 3 SQL=SELECT lan2guage FROM #__m2enu
WHERE c3lient_id = 0 AND id =index.php?option=com_users&view=profile
I just downloaded and duplicated that problem on the most recent (Joomla! 3.6.4) fresh install.
It is very dangerous, because it can be used by a remote attacker to play with the query for MySQL injection.
The broken query should not be visible anywhere on the site, especially with $error_reporting set to "none".
For whoever cares to fix this, as I've commented before, the issue comes down to the fact that JDocumentError::render() uses the Exception/Throwable object's message for the HTTP header. This really should just be a standard header value.
Also, the JDatabaseExceptionExecuting that gets thrown from the database API has a property specifically for the SQL query that failed; the database API should be refactored to stop including the query in the Exception message, since most error handling simply echoes out the Exception message. If someone needs this query, the data should be logged, or if you're catching those exceptions you can use $exception->getQuery().
Umm, that's exactly what this issue tracker is for, to report a bug.
Even better, if you can make a change, feel free to submit it as a pull request for it to be considered for inclusion (there is no guarantee any pull request gets accepted, hence the reason I say considered).
How does one submit a pull request? I cloned the project, made a change, and then what branch do I git push it to?
I think https://docs.joomla.org/Using_the_Github_UI_to_Make_Pull_Requests is the relevant "simple" documentation.
Ok. So you can close this issue now.
That works :) Thank you all.
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-12-13 20:53:25 |
Closed_By | ⇒ | bell2041 |
The danger is that this creates a sandbox for an attacker.
It means they can now try different things and see exactly how the query is structured and how it reacts to their modifications, and in the end they will modify the query to achieve successful execution of it.
This is very dangerous.
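The refactoring suggested earlier in this thread (a fixed HTTP status line, with the failed SQL held in a separate exception property and written only to the server log), sketched in PHP. This is an added example, not Joomla's code: `QueryFailedException` and `renderError()` are hypothetical names, and only the `getQuery()` accessor mirrors the method mentioned in the thread.

```php
<?php
// Hypothetical stand-in for a database exception that keeps the failed SQL
// in its own property instead of appending it to the exception message.
final class QueryFailedException extends RuntimeException
{
    private string $query;
    public function __construct(string $driverMessage, string $query, ?Throwable $previous = null)
    {
        parent::__construct($driverMessage, 0, $previous);
        $this->query = $query;
    }

    public function getQuery(): string
    {
        return $this->query;
    }
}

// Builds the response for an uncaught error: fixed status text, generic body,
// full detail only in the returned log line.
function renderError(Throwable $e): array
{
    $incidentId = bin2hex(random_bytes(8)); // lets an admin match a report to a log entry
    // Strip CR/LF so request-influenced text cannot forge extra log lines.
    $clean = static fn (string $s): string => preg_replace('/[\r\n]+/', ' ', $s);

    $log = sprintf('[%s] %s: %s', $incidentId, get_class($e), $clean($e->getMessage()));
    if ($e instanceof QueryFailedException) {
        $log .= ' | SQL=' . $clean($e->getQuery());
    }

    return [
        'status' => 'HTTP/1.1 500 Internal Server Error', // never built from $e
        'body'   => "An error has occurred. Reference: $incidentId",
        'log'    => $log,
    ];
}

// Sample input: the broken query text quoted in the report above.
$e = new QueryFailedException(
    'You have an error in your SQL syntax',
    "SELECT lan2guage FROM #__m2enu\nWHERE c3lient_id = 0 AND id =index.php?option=com_users&view=profile"
);
$response = renderError($e);
error_log($response['log']);          // server-side only
if (PHP_SAPI !== 'cli') {
    header($response['status']);      // standard header value, no exception text
}
echo $response['body'], PHP_EOL;
```

The reference ID in the body is the only link between what the visitor sees and the logged query, so the response is identical whatever the request did to the SQL.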