
Docker crashed when using SQLi on sqlite_master table. #301

Closed
thefishermanhacker opened this issue Apr 27, 2017 · 8 comments

@thefishermanhacker

Hi,

Docker crashes once I try to test SQLi on the login page with the sqlite_master table.
Scenario:

  1. Start your juice-shop via a docker.
  2. Go to the login page.
  3. Set the following injection: ' union select name,2,3,4,null from sqlite_master--
  4. Docker will crash.

Example of request:

POST /rest/user/login HTTP/1.1
Host: 10.15.50.45:3000
........
........
{"email":"' union select name,2,3,4,null from sqlite_master--","password":"12334445"}

If someone hasn't saved the state of that Docker container, all his/her challenges will be deleted.

Cheers.

@bkimminich
Member

Thanks for the report! I'll look into it. Would expect the same to happen in the local installation w/o Docker as well.

Regarding lost hacking state: When you regularly save your progress on the Score Board, you can restore your progress after a crash, as long as you didn't clear your browser cookies in between!

@thefishermanhacker
Author

thefishermanhacker commented Apr 27, 2017

I'm using Docker and I tried this option, and it didn't work as expected.
Before the crash I clicked save, then I triggered the crash.
After Docker started again no data was saved and the restore option had a disabled attribute.
(No cookies were deleted, I used the save, and I used the same browser and the same tab; I just clicked refresh.)

@bkimminich
Member

I just tried it myself and can confirm the server crash:

C:\Data\Github\juice-shop\node_modules\sqlite3\lib\trace.js:27
                    throw err;
                    ^

TypeError: Cannot read property 'dataValues' of undefined
    at Object.exports.queryResultToJson (C:\Data\Github\juice-shop\lib\utils.js:34:33)
    at Query.<anonymous> (C:\Data\Github\juice-shop\routes\login.js:40:26)
    at emitOne (events.js:96:13)
    at Query.emit (events.js:188:7)
    at Query.module.exports.CustomEventEmitter.emit (C:\Data\Github\juice-shop\node_modules\sequelize\lib\emitters\custom-event-emitter.js:61:33)
    at Query.onSuccess (C:\Data\Github\juice-shop\node_modules\sequelize\lib\dialects\sqlite\query.js:181:10)
    at Statement.<anonymous> (C:\Data\Github\juice-shop\node_modules\sequelize\lib\dialects\sqlite\query.js:52:25)
--> in Database#all('SELECT * FROM Users WHERE email = \'\' union select name,2,3,4,null from sqlite_master--\' AND password = \'827ccb0eea8a706c4c34a16891f84e7b\'', [Function])
    at executeSql (C:\Data\Github\juice-shop\node_modules\sequelize\lib\dialects\sqlite\query.js:43:54)
    at Database.<anonymous> (C:\Data\Github\juice-shop\node_modules\sequelize\lib\dialects\sqlite\query.js:67:11)
    at Query.module.exports.Query.run (C:\Data\Github\juice-shop\node_modules\sequelize\lib\dialects\sqlite\query.js:34:19)
    at ConnectorManager.module.exports.ConnectorManager.query (C:\Data\Github\juice-shop\node_modules\sequelize\lib\dialects\sqlite\connector-manager.js:44:70)
    at TransactionManager.query (C:\Data\Github\juice-shop\node_modules\sequelize\lib\transaction-manager.js:52:49)
    at Sequelize.module.exports.Sequelize.query (C:\Data\Github\juice-shop\node_modules\sequelize\lib\sequelize.js:330:36)
    at C:\Data\Github\juice-shop\routes\login.js:38:22
    at Layer.handle [as handle_request] (C:\Data\Github\juice-shop\node_modules\express\lib\router\layer.js:95:5)
    at next (C:\Data\Github\juice-shop\node_modules\express\lib\router\route.js:137:13)
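
The following is an added example, not code from the Juice Shop repository and not posted by anyone in this thread. It reconstructs the failure pattern that the report's payload and the stack trace above point at: a login query built by string concatenation, plus a result-to-JSON helper that assumes the shape of whatever the database hands back. It then contrasts that helper with a defensive one and the concatenated query with a parameterized one. Every function name (buildLoginQueryVulnerable, queryResultToJsonNaive, queryResultToJsonSafe, loginResponse, modelRow), the row shapes and the sample rows are hypothetical and constructed for this example; none of it is the project's real utils.js or login.js.

```javascript
// Added example: not code from the Juice Shop repository and not posted by
// anyone in this thread. Every function name, row shape and sample row below
// is hypothetical, constructed for illustration only.

// The attacker-controlled email from the report. The leading quote closes the
// string literal, UNION appends rows from sqlite_master with the same column
// count as the original SELECT (five here), and "--" comments out the
// trailing "AND password = ..." clause.
const INJECTED_EMAIL = "' union select name,2,3,4,null from sqlite_master--";

// Deliberately vulnerable: the same concatenation visible in Database#all(...).
function buildLoginQueryVulnerable(email, passwordHash) {
  return "SELECT * FROM Users WHERE email = '" + email +
         "' AND password = '" + passwordHash + "'";
}

// Hardened equivalent: fixed statement text, values travel as bound
// parameters, so a quote inside the input can never become SQL syntax.
function buildLoginQueryParameterized(email, passwordHash) {
  return {
    sql: 'SELECT * FROM Users WHERE email = ? AND password = ?',
    params: [email, passwordHash],
  };
}

// An ORM model instance wraps its columns in `dataValues` (hypothetical shape).
function modelRow(columns) {
  return { dataValues: columns };
}

// Naive conversion: trusts that `data` is a model instance or an array of
// them. When the query yields nothing the driver can map to the model, `data`
// (or an element of it) is undefined, and reading `.dataValues` from it throws
// "TypeError: Cannot read property 'dataValues' of undefined".
function queryResultToJsonNaive(data) {
  if (Array.isArray(data)) {
    return data.map(row => row.dataValues);
  }
  return data.dataValues;
}

// Defensive conversion: tolerates undefined/null, empty arrays, holes in the
// row list, and plain rows without `dataValues` such as those a UNION against
// sqlite_master produces.
function queryResultToJsonSafe(data) {
  if (data === undefined || data === null) {
    return null;
  }
  const unwrap = row => (row.dataValues !== undefined ? row.dataValues : row);
  if (Array.isArray(data)) {
    return data.filter(row => row !== undefined && row !== null).map(unwrap);
  }
  return unwrap(data);
}

// Handler sketch. An exception thrown inside the database driver's callback is
// not seen by Express' router: it is re-thrown by the driver (the "throw err"
// at sqlite3/lib/trace.js:27 in the trace) and terminates the Node process.
// Catching around the conversion turns that into a 500 instead of a crash.
function loginResponse(queryResult, toJson) {
  try {
    const user = toJson(queryResult);
    if (user === null || (Array.isArray(user) && user.length === 0)) {
      return { status: 401, body: { error: 'invalid credentials' } };
    }
    return { status: 200, body: { user: Array.isArray(user) ? user[0] : user } };
  } catch (err) {
    return { status: 500, body: { error: err.constructor.name } };
  }
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(buildLoginQueryVulnerable(INJECTED_EMAIL, '<hash>'));
  console.log(loginResponse(undefined, queryResultToJsonNaive).status); // 500
  console.log(loginResponse(undefined, queryResultToJsonSafe).status);  // 401
}
```

Note what each half fixes. The defensive helper only stops the process from dying on an unexpected result set, which is what the commit "Extend check for undefined results" addresses; the injection itself still succeeds, and in Juice Shop that is the intended challenge. The parameterized query is the change that would remove the injection, and it is shown here only for contrast.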

@thefishermanhacker
Author

Added some documents I found; I assume you already read about it, but it's better to have it in this bug as well.
trace.js:27

@bkimminich
Member

Fixed. I suppose this doesn't require a hotfix release? Would be released with the next regular v2.27.0 which is coming soon anyway.

@thefishermanhacker
Author

Thanks, I think you can put it in the regular release.
BTW, do you want me to open a new bug about restoring challenges? I think once Docker crashed the cookies were cleared with it.

@bkimminich
Member

Yes, please do, because that requires some investigation... the cookie should have nothing to do with Docker, actually: It's just saved for that hostname in your browser. As long as you restart the Docker container on the same hostname, it should just recognize the cookie again.

bkimminich added a commit that referenced this issue May 24, 2017
* Add HH-Stammtisch and AppSecEU

* Replace logo with 2017 artwork

* Fix 50x60 logo transparency

* Use 100px logo in title

* Use CTF logo in CTF-mode

* Extend check for undefined results
(fixes #301)

* Corrected contribution links

* Update favicons

* Update products with new logos

* Fix girlie shirt image

* Fix girlie shirt image

* Add CTF sticker as product

* Remove `imageUrl` config property
(now parses `image` to handle it as either a file or URL)

* Remove `alt` for logo
(to avoid spoilers)

* Simplify configuration file
(URL- and file-based images are handled depending on http-prefix)

* Ignore all custom logos, icons and product images

* Use template for index.html
(to prevent accidental commits of customized index.html)

* Bump to v3.0.0-SNAPSHOT
(due to incompatible changes in config syntax)

* Update config documentation

* Fix test expectation
(checked for string in HTML that was removed)

* Delete index.html

* Make visibility of GitHub ribbon configurable

* Fix default behavior and tests for GitHub ribbon

* Prevent custom config YAMLs from being committed accidentally

* Use Twitter/Facebook URLs from config

* Use logos from `master` branch

* Update logos

* v3.0.0

* Extend lists of contributors and credits

* Add missing index.template.html to packaged distributions

* Add "2 Hour Hacking: Juice Shop" in LA

* Allow OAuth for Heroku via HTTP
(resolves #311)

* v3.1.0-SNAPSHOT

* Implement MVP for challenge hints
(basis for further discussion of #305)

* Extend hint MVP with links to ebook

* Implement proper tooltips for challenge hints and flag-code resend

* Add challenge hints and ebook-links
(for #305)

* Add hints and ebook-links for some challenges
(for #305)

* Switch to CommonMark

* Add remaining hints

* Added Scoreboard Autoupdate as suggested in #307.

The challenge controller responsible for the scoreboard is now listening to the 'challenge solved' web socket
and will update the model automatically when a new challenge was solved.

* Add missing `cd juice-shop`
(to "From Sources" setup)

* Allow OAuth for Heroku via HTTP
(resolves #311)

* v3.1.0-SNAPSHOT

* Implement MVP for challenge hints
(basis for further discussion of #305)

* Extend hint MVP with links to ebook

* Implement proper tooltips for challenge hints and flag-code resend

* Add challenge hints and ebook-links
(for #305)

* Add hints and ebook-links for some challenges
(for #305)

* Switch to CommonMark

* Add remaining hints

* Added Scoreboard Autoupdate as suggested in #307.

The challenge controller responsible for the scoreboard is now listening to the 'challenge solved' web socket
and will update the model automatically when a new challenge was solved.

* Continue Code will now be automatically saved into the cookie once a challenge is completed.

Fixes problem as discussed in #309.

* Revert #314

* v3.1.0

* Update maturity level & web links

* Add speakers and London Chapter session

* Avoid draft release issues
travis-ci/travis-ci#6132 (comment)

* Pass in tag_name
(as proposed by @p120ph37)

* Split Node.js meetup talks

* Reformat MD into CommonMark

* Move from Huboard to Waffle.io

* Use single ` for inline code
(instead of ```)

* Update compatible dependencies

* New Crowdin translations (#312)

* New translations en.json (Czech)

* New translations en.json (Dutch)

* New translations en.json (Romanian)

* New translations en.json (Hungarian)

* New translations en.json (Danish)

* New translations en.json (Indonesian)

* New translations en.json (German)

* New translations en.json (Spanish)

* New translations en.json (Turkish)

* New translations en.json (Norwegian)

* New translations en.json (French)

* New translations en.json (Burmese)

* New translations en.json (Arabic)

* New translations en.json (Swedish)

* New translations en.json (Portuguese)

* New translations en.json (Klingon)

* New translations en.json (Russian)

* New translations en.json (Italian)

* New translations en.json (Estonian)

* New translations en.json (Greek)

* New translations en.json (Japanese)

* New translations en.json (Lithuanian)

* New translations en.json (Latvian)

* New translations en.json (Finnish)

* New translations en.json (Polish)

* New translations en.json (Chinese Simplified)

* New translations en.json (German)

* New translations en.json (Spanish)

* New translations en.json (Czech)
@lock

lock bot commented Nov 4, 2019

This thread has been automatically locked because it has not had recent activity after it was closed. 🔒 Please open a new issue for regressions or related bugs.

@lock lock bot locked and limited conversation to collaborators Nov 4, 2019
crispy-peppers pushed a commit to crispy-peppers/juice-shop that referenced this issue Nov 12, 2019