Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authentication Bypass Prevention through SQL Injection #2

Merged
merged 1 commit into from Jan 3, 2020

Conversation

manasmbellani
Copy link
Contributor

Dear Repository maintainer,

Hope you are going well and had a Merry Christmas.

Administrator/index.php,user/index.php(fix): Added mysqli_real_escape_string function to prevent authentication bypass issues for Administrator/user logins.

Without applying this temporary fix, it is possible for users to bypass authentication pages for user/ and Administrator/ and login as any user without knowing the password. PoC can be provided if required.

Please note that in future, use of Prepared statements in PHP is a better/more secure fix and will help to remove any other instances of sql injection.

I would like to release the PoC exploit after 2 weeks (14 days) - could you please let me know on manasmbellani@gmail if you have any queries, concerns or issues with the requested fix. I would recommend pulling this branch version and updating to the latest as soon as possible.

I will also be requesting a CVE number via CVE Mitre for this bug.

Wish you a very Happy New Year!

Thanks and Kind Regards,

Manas Bellani
manasmbellani@gmail.com

…_string function to prevent authentication bypass issues for Administrator/user logins
@nabby27 nabby27 merged commit bdc57ab into nabby27:master Jan 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants