Hi all,
Currently, I’m in the process of implementing this in the banking sector :). During security penetration testing, the security team discovered a high-severity security bug in Report View: the field name supplied in the request's `filters` parameter reaches the database query unchanged and is echoed back verbatim in the MariaDB syntax error. Here is the log:
Form Dict: {
"cmd": "frappe.desk.reportview.get",
"doctype": "Opportunity",
"fields": "[\"`tabOpportunity`.`name`\",\"`tabOpportunity`.`owner`\",\"`tabOpportunity`.`docstatus`\",\"`tabOpportunity`.`_user_tags`\",\"`tabOpportunity`.`_comments`\",\"`tabOpportunity`.`modified`\",\"`tabOpportunity`.`modified_by`\",\"`tabOpportunity`.`_assign`\",\"`tabOpportunity`.`_liked_by`\",\"`tabOpportunity`.`_seen`\",\"`tabOpportunity`.`title`\",\"`tabOpportunity`.`naming_series`\",\"`tabOpportunity`.`sale_stage`\",\"`tabOpportunity`.`customer_name`\",\"`tabOpportunity`.`opportunity_type`\",\"`tabOpportunity`.`enquiry_from`\",\"`tabOpportunity`.`status`\"]",
"filters": "[[\"Opportunity\",\"/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/etc/passwd\",\"=\",\"Open\"]]",
"order_by": "`tabOpportunity`.`modified` desc",
"page_length": "20",
"start": "0",
"user_settings": "{\"updated_on\":\"Fri Aug 10 2018 09:57:15 GMT+0700\",\"last_view\":\"List\",\"List\":{\"order_by\":\"`tabOpportunity`.`modified` desc\",\"filters\":[[\"Opportunity\",\"status\",\"=\",\"Open\"]]}}",
"with_comment_count": "true"
}
Request Error
Traceback (most recent call last):
File "/home/frappe/frappe-bench/apps/frappe/frappe/app.py", line 62, in application
response = frappe.handler.handle()
File "/home/frappe/frappe-bench/apps/frappe/frappe/handler.py", line 22, in handle
data = execute_cmd(cmd)
File "/home/frappe/frappe-bench/apps/frappe/frappe/handler.py", line 53, in execute_cmd
return frappe.call(method, **frappe.form_dict)
File "/home/frappe/frappe-bench/apps/frappe/frappe/__init__.py", line 939, in call
return fn(*args, **newargs)
File "/home/frappe/frappe-bench/apps/frappe/frappe/desk/reportview.py", line 21, in get
data = compress(execute(**args), args = args)
File "/home/frappe/frappe-bench/apps/frappe/frappe/desk/reportview.py", line 26, in execute
return DatabaseQuery(doctype).execute(*args, **kwargs)
File "/home/frappe/frappe-bench/apps/frappe/frappe/model/db_query.py", line 88, in execute
result = self.build_and_run()
File "/home/frappe/frappe-bench/apps/frappe/frappe/model/db_query.py", line 112, in build_and_run
return frappe.db.sql(query, as_dict=not self.as_list, debug=self.debug, update=self.update)
File "/home/frappe/frappe-bench/apps/frappe/frappe/database.py", line 176, in sql
self._cursor.execute(query)
File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/pymysql/cursors.py", line 170, in execute
result = self._query(query)
File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/pymysql/cursors.py", line 328, in _query
conn.query(q)
File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/pymysql/connections.py", line 893, in query
self._affected_rows = self._read_query_result(unbuffered=unbuffered)
File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/pymysql/connections.py", line 1103, in _read_query_result
result.read()
File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/pymysql/connections.py", line 1396, in read
first_packet = self.connection._read_packet()
File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/pymysql/connections.py", line 1059, in _read_packet
packet.check_error()
File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/pymysql/connections.py", line 384, in check_error
err.raise_mysql_exception(self._data)
File "/home/frappe/frappe-bench/env/local/lib/python2.7/site-packages/pymysql/err.py", line 109, in raise_mysql_exception
raise errorclass(errno, errval)
ProgrammingError: (1064, u"You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%' at line 1")