We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
In the pointdata2.php file, you can use the GET parameter "id" to execute your own SQL statements. An example exploit is:
/twmap3/data/ajaxCRUD/pointdata2.php?id=1%20OR%201=1
The problem can be solved by first escaping the parameter (line 12): $id = mysqli_real_escape_string ($mysqliConn, $_GET ['id']);
In addition, the parameter must then be put into a string environment in the query (line 22): $sql. = "where id = '$id'";
After that, the $id parameter can no longer be misused for SQL injection attacks.
The vulnerability also exists in the ajaxCRUD_old directory
The text was updated successfully, but these errors were encountered:
#42 fix SQL-Injection
babbec7
No branches or pull requests
In the pointdata2.php file, you can use the GET parameter "id" to execute your own SQL statements. An example exploit is:
/twmap3/data/ajaxCRUD/pointdata2.php?id=1%20OR%201=1
The problem can be solved by first escaping the parameter (line 12):
$id = mysqli_real_escape_string ($mysqliConn, $_GET ['id']);
In addition, the parameter must then be put into a string environment in the query (line 22):
$sql. = "where id = '$id'";
After that, the $id parameter can no longer be misused for SQL injection attacks.
The vulnerability also exists in the ajaxCRUD_old directory
The text was updated successfully, but these errors were encountered: