Authentication Bypass Prevention through SQL Injection #2
Dear Repository maintainer,
Hope you are going well and had a Merry Christmas.
Administrator/index.php, user/index.php (fix): Added mysqli_real_escape_string function to prevent authentication bypass issues for Administrator/user logins.
Without applying this temporary fix, it is possible for users to bypass authentication pages for user/ and Administrator/ and log in as any user without knowing the password. PoC can be provided if required.
Please note that in future, use of prepared statements in PHP is a better/more secure fix and will help to remove any other instances of SQL injection.
I would like to release the PoC exploit after 2 weeks (14 days) - could you please let me know on manasmbellani@gmail if you have any queries, concerns or issues with the requested fix. I would recommend pulling this branch version and updating to the latest as soon as possible.
I will also be requesting a CVE number via CVE Mitre for this bug.
Wish you a very Happy New Year!
Thanks and Kind Regards,
Manas Bellani
manasmbellani@gmail.com
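
The prepared-statement approach that the pull request description recommends as the longer-term fix, shown as an added example that is not part of the pull request or the project's code. The `users` table, its column names, the connection settings, and the use of `password_hash()`/`password_verify()` are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Assumed (hypothetical) schema:
//   users(id INT, username VARCHAR(64), password_hash VARCHAR(255))
// where password_hash was produced by PHP's password_hash().

// Make mysqli throw exceptions on errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Returns the user id on a successful login, or null otherwise.
 * The username travels to the server as a bound parameter, separate from
 * the SQL text, so its content cannot change the structure of the query.
 */
function authenticate(mysqli $db, string $username, string $password): ?int
{
    $stmt = $db->prepare(
        'SELECT id, password_hash FROM users WHERE username = ? LIMIT 1'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch(); // true when a row was fetched, null when none
    $stmt->close();

    if ($found !== true) {
        return null; // unknown user
    }

    // Compare against the stored hash in PHP, not inside the SQL statement.
    return password_verify($password, $hash) ? (int) $id : null;
}

// Usage with placeholder connection settings (assumptions):
// $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
// $db->set_charset('utf8mb4');
// $userId = authenticate($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
```

`mysqli_real_escape_string` only protects values that end up inside a quoted string literal and depends on the connection character set being set correctly, which is why bound parameters are the more robust fix.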