I found a case where progpilot missed a SQL injection.
This works:
$link = mysqli_connect();
mysqli_query($mysqli, 'SELECT * FROM a WHERE id = '.$_POST['id']);
But when this query is called in a function, no:
function test_procedural($link, $id) {
    mysqli_query($link, 'SELECT * FROM table WHERE id = '.$id);
}
$link = mysqli_connect();
test_procedural($link, $_POST['id']); // should trigger, but no
The error occurs both in the procedural and object way. So the behavior is the same here:
function test_object($mysqli, $id) {
    $mysqli->query('SELECT * FROM table WHERE id = '.$id);
}
$mysqli = new mysqli('host', 'user', 'password', 'database');
test_object($mysqli, $_POST['id']); // should trigger, but no
$mysqli->query('SELECT * FROM table WHERE id = '.$_POST['id']); // triggers
Here is how I launched the test:
$ php8.3 progpilot_v1.1.0.phar test1.php
[]
(just to be precise: the result is the same with php8.2 and 8.1)
For me, the call inside the function should trigger a SQL injection, as the variable in the signature is not cast. For example, this should be OK, as we are now sure that $id is an int:
function test_procedural(mysqli $link, int $id) {
    mysqli_query($link, 'SELECT * FROM table WHERE id = '.$id);
}
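Added example, not part of the original report and not progpilot's code: the two functions from the report rewritten with bound parameters, so the query stays safe whether or not an analyzer follows the taint from `$_POST['id']` into the function body. The table name `items` and the connection values are placeholders, and the boundary check with `filter_input` is an assumption about how the caller would validate the value.

```php
<?php
declare(strict_types=1);

// Procedural style: the SQL text is constant, $id travels as a bound parameter.
function test_procedural(mysqli $link, int $id): array
{
    $stmt = mysqli_prepare($link, 'SELECT * FROM items WHERE id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $id);   // 'i' = bind as integer
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    return mysqli_fetch_all($result, MYSQLI_ASSOC);
}

// Object style: same query, same binding.
function test_object(mysqli $mysqli, int $id): array
{
    $stmt = $mysqli->prepare('SELECT * FROM items WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Validate at the boundary instead of relying on type coercion at the call.
// filter_input() returns null when the field is missing and false when the
// value is not an integer; with strict_types=1 a raw string from $_POST would
// otherwise raise a TypeError at the int parameter.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('invalid id');
}

// Make mysqli throw on errors (already the default from PHP 8.1 on).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$mysqli = new mysqli('host', 'user', 'password', 'database'); // placeholder credentials
$rows = test_object($mysqli, $id);
$same = test_procedural($mysqli, $id);
```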