Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SQLi Injection #47

Closed
HiddenMotives opened this issue Nov 12, 2015 · 6 comments
Closed

SQLi Injection #47

HiddenMotives opened this issue Nov 12, 2015 · 6 comments

Comments

@HiddenMotives
Copy link

Please take a look at using Prepared Statements the ServerAuthWebAPI.php is just waiting to be exploited. Way too many SQL Injections exist.

For example:

<?php
//Include ServerAuth Web API
include 'ServerAuthWebAPI.php';
//Player to check
$player = "1' or '1' = '1";
//Initialize a ServerAuthWebAPI instance (put your ServerAuth MySQL data)
$api = new ServerAuthWebAPI("host", 3306, "username", "password", "serverauth", "srvauth_");
var_dump($api->isPlayerRegistered($player));
?>

Where $player = "1' or '1' = '1";
to demonstrate this issue. The result would be true.
@PEMapModder
Copy link
Contributor

Personally I think that using escape_string() is easier :)

@HiddenMotives
Copy link
Author

Easy but not as effective and if its not as effective that defeats the purpose.

@PEMapModder
Copy link
Contributor

But at least it covers the vulnerability :)

@HiddenMotives
Copy link
Author

No it would not be sufficient for a web application it at this level. You need to use prepared statements.

@PEMapModder
Copy link
Contributor

why?

@Flavius12 Flavius12 mentioned this issue Nov 12, 2015
Closed
8 tasks
@Flavius12
Copy link
Member

Fixed in v2.12

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@HiddenMotives @PEMapModder @Flavius12