sql injection
A client reported an SQL injection vulnerability involving the xsession cookie value.
MrBenGriffin committed Apr 28, 2017
1 parent f3fe365 commit cbd255f
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions src/Session.php
Expand Up @@ -33,9 +33,9 @@ public static function mutate() {
$code = @$_SERVER['REMOTE_ADDR'] . @$_SERVER['SSL_SESSION_ID'] . "_wxf9[9]Z(9.2)";
$vector = $_SERVER['SCRIPT_URI'] . "37b807ea4118db8d";
$mutated = hash('sha256', openssl_encrypt(gzdeflate($session), "aes-256-cbc", $code, OPENSSL_RAW_DATA, substr($vector, 0, 16)));

Settings::$sql->query("update sio_session set id='$mutated' where id='$session'");
Settings::$sql->query("update sio_sessiondata set sid='$mutated' where sid='$session'");
$sqlSession = Settings::$sql->escape_string($session);
Settings::$sql->query("update sio_session set id='$mutated' where id='$sqlSession'");
Settings::$sql->query("update sio_sessiondata set sid='$mutated' where sid='$sqlSession'");
static::$sqlsess = $mutated;
static::$session = $mutated;
setcookie("xsession", static::$session, static::$cookieLife, '/', '', true, true); // 8640000 = 100 days
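Review bot: The new `$sqlSession = Settings::$sql->escape_string($session);` line closes the quoted-literal injection in the two `update` statements, but it still depends on the driver's escaping matching the connection character set; if Settings::$sql is a mysqli-style handle whose charset is only set with a `SET NAMES` query rather than `set_charset()`, `escape_string` can be bypassed with certain multibyte encodings. Prepared statements with bound parameters remove that dependency and are what a reviewer would expect for a value that reaches the database from the client; `$mutated` is a hex sha256 digest and is safe to interpolate, but binding both values keeps the statements uniform. The definition of `$session` is outside this hunk (mutate() begins before line 33), so the assumption that it is read from the `xsession` cookie written on the last line is inferred rather than visible. A sketch, assuming a mysqli-like API on Settings::$sql, would replace the three escaped lines with:
```php
// … unchanged: key/IV derivation and $mutated …
$stmt = Settings::$sql->prepare("update sio_session set id=? where id=?");
$stmt->bind_param('ss', $mutated, $session);
$stmt->execute();
$stmt = Settings::$sql->prepare("update sio_sessiondata set sid=? where sid=?");
$stmt->bind_param('ss', $mutated, $session);
$stmt->execute();
// … unchanged: static assignments and setcookie …
```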
