This repository has been archived by the owner on Mar 6, 2022. It is now read-only.

SQL Injection vulnerability in post.php #15

Open
cuhanboy opened this issue Jul 8, 2020 · 0 comments

cuhanboy commented Jul 8, 2020

Hello, I found an SQL injection vulnerability in the post.php file. The post parameters in this file were not input-filtered and were passed directly into the database query, which led to the vulnerability.

PoC: `post=1 and sleep(2) -- `
This delays the program for 2 seconds when it queries the data.

To fix this vulnerability, you can use prepared statements like this:
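```php
// The placeholder keeps the post id out of the SQL text entirely.
$query = "SELECT * FROM posts WHERE post_id = ?";
$stmt = $sysConnect->prepare($query);
// Assumption: the id arrives as the request parameter "post".
$postId = (int) $_REQUEST['post'];
$stmt->bind_param("i", $postId);   // "i" binds the value as an integer
$stmt->execute();
$result = $stmt->get_result();     // mysqli result set; read rows with fetch_assoc()
```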
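
Why binding neutralizes the PoC above, shown as an added example that is not from the issue or the project. Assumptions: Python's `sqlite3` stands in for the PHP/MySQL application, the `posts` table is constructed, and a registered `sleep` stub (SQLite has no SLEEP()) only records whether the injected call was executed.

```python
import sqlite3

POC = "1 and sleep(2) -- "  # PoC value of the `post` parameter, from the issue


def make_db():
    """Constructed in-memory stand-in for the application's posts table."""
    calls = []
    db = sqlite3.connect(":memory:")
    # Stub for MySQL's SLEEP(): records its argument instead of sleeping.
    db.create_function("sleep", 1, lambda secs: calls.append(secs) or 0)
    db.execute("CREATE TABLE posts (post_id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO posts VALUES (1, 'hello')")
    return db, calls


def lookup_concatenated(post):
    """Vulnerable pattern: the parameter becomes part of the SQL text."""
    db, calls = make_db()
    rows = db.execute("SELECT * FROM posts WHERE post_id = " + post).fetchall()
    return rows, calls


def lookup_bound(post):
    """Fixed pattern: the parameter is bound as data and never parsed as SQL."""
    db, calls = make_db()
    rows = db.execute("SELECT * FROM posts WHERE post_id = ?", (post,)).fetchall()
    return rows, calls


if __name__ == "__main__":
    for name, fn in (("concatenated", lookup_concatenated), ("bound", lookup_bound)):
        rows, calls = fn(POC)
        print(f"{name:>12}: rows={rows} sleep() invoked with {calls}")
        rows, calls = fn("1")
        print(f"{name:>12}: legitimate id -> rows={rows}")
```
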
