700 - ' character exception on www.curse.com searches
What steps will reproduce the problem?
1. Search the ' character or any addon names containing it on http://www.curse.com
What is the expected output? What do you see instead?
The search throws an exception:
Incorrect syntax near '*'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException Incorrect syntax near '*'.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
At what time and date (year, month, day) did you get this bug? (Include your timezone)
13:47 October 7, GMT+1
Please provide any additional information below.
Stack Trace:
[SqlException (0x80131904): Incorrect syntax near '*'.]
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) +212
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +245
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +2811
System.Data.SqlClient.SqlDataReader.SetMetaData(_SqlMetaDataSet metaData, Boolean moreInfo) +213
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +594
System.Data.SqlClient.SqlDataReader.ConsumeMetaData() +87
System.Data.SqlClient.SqlDataReader.get_MetaData() +112
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +2476500
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) +2478033
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) +424
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +28
System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +211
System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior) +87
Curse.Components.Search.FullTextSearchProvider.Search(SearchQuery pQuery) in C:\Users\cpaul\Projects\CurseGood\Curse.Components\Search\FullTextSearchProvider.cs:82
CommunityServer.Components.CSSearch.Search(SearchQuery query) +44
CommunityServer.Controls.IndexPostList.get_DataSource() +2145
System.Web.UI.WebControls.Repeater.ConnectToDataSourceView() +268
System.Web.UI.WebControls.Repeater.OnLoad(EventArgs e) +24
CommunityServer.Controls.PreTemplatedWrappedRepeaterBase.OnLoad(EventArgs e) +16
System.Web.UI.Control.LoadRecursive() +66
System.Web.UI.Control.LoadRecursive() +191
System.Web.UI.Control.LoadRecursive() +191
System.Web.UI.Control.LoadRecursive() +191
System.Web.UI.Control.LoadRecursive() +191
System.Web.UI.Control.LoadRecursive() +191
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428
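The trace above ends in a SqlException thrown from inside the search provider's ExecuteReader call, which is the signature of a search term spliced straight into the SQL text: a lone ' closes the string literal early and the rest of the statement no longer parses. The following is an added example, not code from this ticket or from the curse.com code base. It reproduces that failure mode and the parameterised fix on a constructed table; because SQL Server full-text CONTAINS() needs a live server, the runnable part uses SQLite with LIKE as a stand-in, and the fulltext_condition helper shows the assumed shape of a safely quoted CONTAINS condition (the function and table names are illustrative, not Curse's):

```python
"""
Added example, not code from the Curse ticket or the curse.com code base.
It shows the failure mode the stack trace points at: a search term spliced
into SQL text, where a lone ' ends the string literal early. SQL Server
full-text CONTAINS() needs a server, so the runnable part uses SQLite with
LIKE as a stand-in; the shape of the bug and of the fix is the same.
"""
import sqlite3

# Constructed sample rows, not data from curse.com.
ADDONS = [
    "Recount",
    "Deadly Boss Mods",
    "Auctioneer",
    "Bartender4",
    "Ace'd Up",  # a name that legitimately contains an apostrophe
]


def connect():
    """In-memory table standing in for the site's addon index."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE addons (name TEXT)")
    con.executemany("INSERT INTO addons VALUES (?)", [(n,) for n in ADDONS])
    return con


def search_unsafe(term):
    """The anti-pattern: the user's term becomes part of the SQL text.
    A ' in the term closes the literal; whatever follows is parsed as SQL.
    That is a crash for an innocent apostrophe and an injection point for
    a crafted one."""
    sql = "SELECT name FROM addons WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in connect().execute(sql)]


def unsafe_raises(term):
    """True if the concatenated query is rejected by the SQL parser."""
    try:
        search_unsafe(term)
    except sqlite3.OperationalError:
        return True
    return False


def like_escape(term):
    """Parameters stop injection but not wildcard abuse: a term of '%'
    would still match every row, so escape LIKE's own metacharacters."""
    return (term.replace("\\", "\\\\")
                .replace("%", "\\%")
                .replace("_", "\\_"))


def search_safe(term):
    """The fix: the term travels as a bound parameter, never as SQL text,
    so ' is just a character in the value."""
    sql = "SELECT name FROM addons WHERE name LIKE ? ESCAPE '\\'"
    pattern = "%" + like_escape(term) + "%"
    return [row[0] for row in connect().execute(sql, (pattern,))]


def fulltext_condition(term):
    """For the SQL Server case: CONTAINS(col, @q) takes the condition as a
    parameter, but the condition is a small language of its own (AND, OR,
    NEAR, prefix *). Quoting the term as a phrase and doubling embedded
    double quotes keeps all of it literal. Assumed shape of the query;
    not how Curse's FullTextSearchProvider actually built it."""
    return '"' + term.replace('"', '""') + '*"'
```

Run search_unsafe("'") and the SQL parser rejects the statement, which is the analogue of the exception in the report; run search_safe("'") and the apostrophe simply matches the one addon name that contains it. Note that binding the parameter fixes the injection, but a search interface still needs like_escape (or the phrase quoting in fulltext_condition) so that user-supplied wildcards and operators cannot turn a term into a match-everything query.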
- 2 comments
Facts
- Last updated on
- 17 Feb 2009
- Reported on
- 05 Oct 2008
- Status
- Fixed - Developer made requested changes. QA should verify.
- Type
- Defect - A shortcoming, fault, or imperfection
- Priority
- Medium - Normal priority.
- #2
Allara Mon, 13 Oct 2008 20:13:26
L2sql people. Very very bad SQL injection vulnerability! Someone needs a very stern reprimand and a better code review process.
EDIT: This appears to have been fixed! Should close the ticket.
- #1
anmoch Sun, 05 Oct 2008 13:47:07
This smells of an SQL injection vulnerability and should be fixed Real Soon.