Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Multiple SQLI caused by functions in `Posts.class.php` #67

Xyntax opened this issue Jan 14, 2017 · 0 comments


None yet
2 participants
Copy link

commented Jan 14, 2017


Functions getParam(), delParam() and existParam() do not filter any incoming parameters, resulting in many SQL injections.

Here is an example.

public static function editParam($param, $value, $post_id)
        $sql = "UPDATE `posts_param` SET `value` = '{$value}' WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' ";
        $q = Db::query($sql);
        if ($q) {
            return true;
        } else {
            return false;

Injection 1

pages.control.php line 165

if (Posts::existParam('multilang', $_GET['id'])) {
                                Posts::editParam('multilang', $multilang, $_GET['id']);
                            } else {
                                Posts::addParam('multilang', $multilang, $_GET['id']);

Injection 2

pages_form.php line 133

$lang = Language::getLangParam($key, $_GET['id']);

then $_GET[id] is parsed into Posts::getParam at Language.class.php line 75

public static function getLangParam($lang, $post_id)
        if (Posts::existParam('multilang', $post_id)) {
            $multilang = json_decode(Posts::getParam('multilang', $post_id), true);

Injection 3

posts_form.php line 122

if ($lang == '' || !Posts::existParam('multilang', $_GET['id'])) {

There are many similar cases, please check it later.

@semplon semplon self-assigned this Jan 14, 2017

semplon added a commit that referenced this issue Jan 15, 2017

@semplon semplon closed this Jan 21, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.