Hello, I found a SQL injection vulnerability in the post.php file. The post parameters in this file were not input filtered, and were directly brought into the database for query, which led to the vulnerability.
poc: post=1 and sleep(2) --
Delay the program for 2 seconds to query the data
To fix this vulnerability, you can use prepared statements like this:
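$query = "SELECT * FROM posts WHERE post_id = ?";
$stmt = $sysConnect->prepare($query);   // prepare the query string defined above
$stmt->bind_param("i", $postId);        // $postId holds the post parameter (variable name assumed)
$stmt->execute();
$result = $stmt->get_result();          // mysqli result set for the matching post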
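The difference between the concatenated query and the bound parameter can be checked offline with the following added example, which is not part of the issue or the project's code. It assumes an in-memory SQLite database in place of the project's database, a constructed `posts` table, hypothetical function names, and a stub `sleep()` that counts calls instead of delaying.

```php
<?php
// Added example. SQLite (in memory) stands in for the project's database;
// the table layout and function names are assumptions.
$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE posts (post_id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO posts VALUES (1, 'first post')");

// SQLite has no sleep(); register a stub that counts calls instead of
// delaying, so it is visible whether request data was executed as SQL.
$sleepCalls = 0;
$db->createFunction('sleep', function ($seconds) use (&$sleepCalls) {
    $sleepCalls++;
    return 0;
}, 1);

// Pattern described in the report: the parameter is concatenated into the query.
function fetchPostUnsafe(SQLite3 $db, string $post)
{
    return $db->query("SELECT * FROM posts WHERE post_id = $post")
              ->fetchArray(SQLITE3_ASSOC);
}

// Hardened: accept only a positive integer, then bind it as a parameter.
function fetchPostSafe(SQLite3 $db, string $post): ?array
{
    $id = filter_var($post, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // rejected before any SQL is built
    }
    $stmt = $db->prepare('SELECT * FROM posts WHERE post_id = ?');
    $stmt->bindValue(1, $id, SQLITE3_INTEGER);
    $row = $stmt->execute()->fetchArray(SQLITE3_ASSOC);
    return $row === false ? null : $row;
}

$poc = '1 and sleep(2) --'; // value from the report

fetchPostUnsafe($db, $poc);
echo 'unsafe path ran injected sleep(): ', var_export($sleepCalls > 0, true), "\n";

$sleepCalls = 0;
$rejected = fetchPostSafe($db, $poc);
$found = fetchPostSafe($db, '1');
echo 'safe path ran injected sleep(): ', var_export($sleepCalls > 0, true), "\n";
echo 'PoC value rejected: ', var_export($rejected === null, true), "\n";
echo 'valid id returns: ', $found['title'], "\n";
```

The same two-step pattern (integer validation, then a bound parameter) carries over to the mysqli calls shown in the suggested fix.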