[security] CVE-2020-7229, SQL injection in search function #7
Description: An issue was discovered in Simplejobscript.com SJS before 1.65. There is
Steps to Reproduce:
How can we test this vulnerability live on the website when searching? (not from a command-line tool or some website scans)
Let me know so we can look more closely into this.
Thank you for reporting.
Use the following POST data on your demo homepage
You'll get a blank page which is enough to prove there is something wrong.
Could you please try and open "controllers/page_landing_searched.php" and add:
the bolded text? Or pull the latest commit. To see if this helps prevent the SQL injection.
Sorry, but that fix doesn't work because there is nothing to escape in the evil query, no single/double quotes. However since
It works pretty well.
To test all of this I strongly recommend to try Sqlmap.
Hello and thank you for your help!
I have made the change and typecast it to integer.
I assume the issue can be closed now. Do let us know if this needs more attention and
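
The point made in the thread, that quote escaping changes nothing when the value sits in an unquoted numeric position while an integer cast does, shown as an added example; it is not code from Simple Job Script or from this issue. The table, column and parameter names are hypothetical, the rows and input are constructed, and an in-memory SQLite database via PDO stands in for the application's database.

```php
<?php
// Added illustration. Table, column and parameter names are hypothetical,
// and the sample rows and inputs are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jobs (id INTEGER PRIMARY KEY, category_id INTEGER, title TEXT)');
$db->exec("INSERT INTO jobs (category_id, title) VALUES
    (1, 'PHP developer'), (2, 'Accountant'), (3, 'Nurse')");

// Stand-in for a quote-escaping routine: it only rewrites quote characters.
function escape_quotes(string $v): string
{
    return str_replace("'", "''", $v);
}

// BEFORE: the escaped value is concatenated into an unquoted numeric slot.
function search_escaped(PDO $db, string $category): array
{
    $sql = 'SELECT title FROM jobs WHERE category_id = ' . escape_quotes($category);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// AFTER: the integer cast described in the thread; only leading digits survive.
function search_cast(PDO $db, string $category): array
{
    $sql = 'SELECT title FROM jobs WHERE category_id = ' . (int) $category;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Stricter variant: reject non-integer input outright and bind the value.
function search_bound(PDO $db, string $category): array
{
    $id = filter_var($category, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];
    }
    $stmt = $db->prepare('SELECT title FROM jobs WHERE category_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = '1 OR 1=1'; // constructed input: contains no quote characters
printf("escaped: %d rows\n", count(search_escaped($db, $input)));
printf("cast:    %d rows\n", count(search_cast($db, $input)));
printf("bound:   %d rows\n", count(search_bound($db, $input)));
printf("bound, input '2': %d rows\n", count(search_bound($db, '2')));
```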