Rocket.chat: SQL injection security bug on Rocket.chat

Created on 19 May 2016 · 3 Comments · Source: RocketChat/Rocket.Chat

Hi guys,

I installed the latest version of Rocket.Chat (0.31), but it has a security bug as shown below. How do I fix it?

High:
wpoison (nasl version)
Risk:High
Application:https
Port:443
Protocol:tcp
ScriptID:11139
The following URLs seem to be vulnerable to BLIND SQL injection
techniques :
/a24a245b3b0c75ee0eef646c0de8c3ed18a3a470.css?meteor_css_resource=true+AND+1=1
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.

All 3 comments

We don't use SQL, so this is incorrect.

Thank you,

LOL
