SQL Injection in tag add function

[iflody]

There is an sql injection in tag adding function, its location is in /dapur/apps/app_article/sys_article.php

No filter has been used in the $_POST['name'];

if(isset($_POST['add_tag']) or isset($_POST['save_tag'])){
        $t = striptags($_POST['name']);
	if(!empty($t)) {
            
		$qr=$db->insert(FDBPrefix.'article_tags',array("",striptags($_POST['name']),striptags($_POST['desc']),"")); 		
		if($qr AND isset($_POST['save_tag'])){		
			notice('success',Tag_Added);	
			redirect('?app=article&view=tag');
		}
		else if($qr){ 
			$sql2 = $db->select(FDBPrefix.'article_tags','*','','id DESC'); 
			$qrs = $sql2[0];
			notice('success',Tag_Added);
			redirect("?app=article&view=tag&act=edit&id=$qrs[id]");
		}
		else {			
			notice('error',Tag_Exists,2);
		}					
	}
	else {				
		notice('error',Status_Invalid,2);
	}
}

In the database insert function, there is no filter function either, just add a couple of " beside the tag name. So when we update the tag name or add a tag name there is always the problem of sql injection.

URL: /fiyo/dapur/index.php?app=article&view=tag&act=edit&id=79
DATA: apply_tag=Simpan&id=79&name=1%22or%221&desc=1

We need a account to do this thing.

Discover: Chaitin Technology