Authentication Bypass Prevention through SQL Injection #2

Open
wants to merge 1 commit into
base: master
from

manasmbellani commented Dec 28, 2018

Dear Repository maintainer,

Hope you are going well and had a Merry Christmas.

Administrator/index.php,user/index.php(fix): Added mysqli_real_escape_string function to prevent authentication bypass issues for Administrator/user logins.

Without applying this temporary fix, it is possible for users to bypass authentication pages for user/ and Administrator/ and login as any user without knowing the password. PoC can be provided if required.

Please note that in future, use of prepared statements in PHP is a better/more secure fix and will help to remove any other instances of SQL injection.

I would like to release the PoC exploit after 2 weeks (14 days) - could you please let me know on manasmbellani@gmail if you have any queries, concerns or issues with the requested fix. I would recommend pulling this branch version and updating to the latest as soon as possible.

I will also be requesting a CVE number via CVE Mitre for this bug.

Wish you a very Happy New Year!

Thanks and Kind Regards,

Manas Bellani
manasmbellani@gmail.com

Administrator/index.php,user/index.php(fix): Added mysqli_real_escape_string function to prevent authentication bypass issues for Administrator/user logins
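
The comment above calls escaping a temporary fix and prepared statements the better one. As an added example (not code from this pull request or the repository), the sketch below shows the same login lookup both ways with mysqli. The `users` table, its `username` and `password_hash` columns, the function names and the connection placeholders are all assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Table, column and function names are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Temporary fix: escape the value, then interpolate it into the SQL text.
// Only safe while the value stays inside quotes and the connection charset
// has been set with set_charset(); every query must remember to do this.
function find_user_escaped(mysqli $db, string $username): ?array
{
    $safe = mysqli_real_escape_string($db, $username);
    $sql = "SELECT id, password_hash FROM users WHERE username = '$safe' LIMIT 1";
    $row = mysqli_fetch_assoc(mysqli_query($db, $sql));
    return $row ?: null;
}

// Preferred fix: the SQL text is fixed and the value is sent as a bound
// parameter, so user input is never parsed as part of the statement.
function find_user_prepared(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

// Returns the user id on success, null on any failure.
// Assumes password_hash holds output of PHP's password_hash().
function login(mysqli $db, string $username, string $password): ?int
{
    $row = find_user_prepared($db, $username);
    if ($row === null || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Usage (placeholder connection values):
// $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
// $db->set_charset('utf8mb4');
// $userId = login($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
```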