
Unauthorized Sql Injection in admin/ajax/avatar.php #257

Closed
bkfish opened this issue Feb 16, 2022 · 2 comments

Comments


bkfish commented Feb 16, 2022

PoC

/admin/ajax/avatar.php?id=-1 union select user()%23

The user() output can be found in the HTML source.

Analysis

File /admin/ajax/avatar.php, line 7: there is no filter at all to protect it.

Repair suggestion

Add some filtering of id.

bkfish changed the title from "Unauthorized Sql Injection in /admin/login.php admin/ajax/avatar.php" to "Unauthorized Sql Injection in admin/ajax/avatar.php" on Feb 16, 2022

creptor (Contributor) commented Feb 18, 2022

Thank you for taking the time to write this issue for the project. It's very helpful for new users to understand some of the common problems they can face while developing a website on any platform.

SQL injections are a common problem in the series and are present to a great extent in the code itself, which is very dangerous. If a website fails to stop these kinds of attacks, it could end in lost information from the database or even the website being compromised for malicious use.

For this and many other problems I always mention that Atom.CMS is not meant to be used in production, and it should be used solely for learning PHP in a controlled environment.

That said, an option to avoid the above issue was already discussed in #255, but to remove many of those SQL injections you could try PDO or a function that filters all the user inputs (which you could easily find on the web).


I'm not the author or maintainer of this project, just someone who learned a lot from the YouTube series and is willing to help.
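The PDO approach mentioned in the comment above, as an added example that is not Atom.CMS code and not from either commenter. The table and column names (`users`, `id`, `avatar`), the `admin_id` session key and the in-memory SQLite database are assumptions made for the demo; the project's real schema and database are not shown in this issue. The example validates `id` as a positive integer and then binds it as a parameter, so the `id=-1 union select user()` input from the PoC is rejected before any SQL is executed, and it also shows the authorization check that an endpoint under /admin should perform first.

```php
<?php
declare(strict_types=1);

// Added example (not Atom.CMS code). Schema and session key names are assumed.

function lookupAvatar(PDO $pdo, $rawId): ?string
{
    // Allow-list validation: id must parse as a positive integer. Any other
    // input, including a string carrying SQL fragments, is rejected before a
    // query is ever built.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Prepared statement with a bound parameter: the value is sent separately
    // from the SQL text, so it can only ever be treated as data, never as
    // part of the query.
    $stmt = $pdo->prepare('SELECT avatar FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $avatar = $stmt->fetchColumn();
    return $avatar === false ? null : (string) $avatar;
}

function requireAdmin(): void
{
    // The endpoint lives under /admin, so it must not be reachable without an
    // authenticated admin session. Call this at the top of the real endpoint;
    // 'admin_id' is an assumed session key, not the project's.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['admin_id'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// --- Self-contained demo on an in-memory SQLite database (constructed data) ---
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, avatar TEXT)');
$pdo->exec("INSERT INTO users (id, avatar) VALUES (1, 'alice.png'), (2, 'bob.png')");

var_dump(lookupAvatar($pdo, '2'));                       // string(7) "bob.png"
var_dump(lookupAvatar($pdo, '-1 union select user()#')); // NULL: rejected by validation
var_dump(lookupAvatar($pdo, '999'));                     // NULL: no such row

// In the real endpoint the output should also be escaped before it is echoed
// into HTML, e.g. htmlspecialchars($avatar, ENT_QUOTES, 'UTF-8').
```

Run it with `php avatar_demo.php`. For a MySQL deployment the DSN becomes `mysql:host=...;dbname=...` and it is worth adding `PDO::ATTR_EMULATE_PREPARES => false` to the options so the MySQL driver uses native server-side prepared statements. The two layers are deliberate: the integer validation rejects bad input early with a clean response, and the bound parameter means that even if a future change loosens the validation, the value still cannot alter the query.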

v-dumitrescu (Collaborator) commented:

The branch "AtomCMS-2.1" contains security fixes.
