SQL Injection in lgin.htm #4

Closed
Ali-Albakara opened this Issue Sep 19, 2017 · 4 comments

Ali-Albakara commented Sep 19, 2017

As lgin.htm tries to grab the user's IP, it prioritizes HTTP_X_FORWARDED_FOR before REMOTE_ADDR. REMOTE_ADDR can be trusted not to be manipulated by the user; however, HTTP_X_FORWARDED_FOR is very easily manipulated. It needs to be validated as a valid IP address. Look into filter_var().

Ali-Albakara commented Sep 19, 2017

Same issue is present in reg.html

Ali-Albakara commented Sep 19, 2017

More SQL Injection in reg.html

$sql = "INSERT INTO accounts(username,email,password,regip,reghash) VALUES('".$_REQUEST['username']."', '".$_REQUEST['email']."', '$encpass', '$ip', '$reghash')";

$_REQUEST['username'] is neither sanitized nor validated
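
An added example, not part of the thread and not the project's own code, showing both fixes raised above: the forwarded header is validated with filter_var() and honoured only when the direct peer is a trusted proxy, and the accounts INSERT is bound through a prepared statement. The helper names `client_ip` and `register_account`, the trusted-proxy list, the use of PDO, and the in-memory SQLite database are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: X-Forwarded-For is client-controlled unless a known proxy set it.
function client_ip(array $server, array $trustedProxies = []): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    $xff    = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff !== '' && in_array($remote, $trustedProxies, true)) {
        // The header can hold a comma-separated chain; use the hop the proxy appended last.
        $parts     = explode(',', $xff);
        $candidate = trim(end($parts));
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    // Fall back to the socket address, validated before it reaches SQL or logs.
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('no valid client address');
    }
    return $remote;
}

// Hypothetical helper: same columns as the INSERT quoted above, with every value bound.
function register_account(PDO $db, string $username, string $email,
                          string $encpass, string $ip, string $reghash): void
{
    $stmt = $db->prepare(
        'INSERT INTO accounts(username,email,password,regip,reghash)
         VALUES(:username, :email, :password, :regip, :reghash)'
    );
    $stmt->execute([':username' => $username, ':email' => $email,
                    ':password' => $encpass, ':regip' => $ip, ':reghash' => $reghash]);
}

// Constructed demo: in-memory SQLite stands in for the project's database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts(username TEXT, email TEXT, password TEXT, regip TEXT, reghash TEXT)');

// Constructed request: forged header from an untrusted peer, and a quote in the username.
$server = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => "10.0.0.1', 'x"];
$ip = client_ip($server); // header ignored: the peer is not in the trusted-proxy list
register_account($db, "o'brien", 'ob@example.test', 'placeholder-hash', $ip, 'placeholder-reghash');

foreach ($db->query('SELECT username, regip FROM accounts') as $row) {
    echo $row['username'], ' ', $row['regip'], PHP_EOL;
}
```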

Owner

Eleix commented Sep 20, 2017

Status Update: Fixed in dev source (Awaiting Push)

Owner

Eleix commented Jun 1, 2018

A CVE was assigned for this issue:
CVE-2017-1000444
