HTML Usergroup Names vulnerable
Locked Asked Modified Viewed 2,726 times
asked
Code is vulnerable for sql injection
Code Download source
if(isset($_POST['save'])){
$usergroup = $_POST['htmlname_usergroup'];
$htmlname_html1 = $_POST['htmlname_html1'];
$htmlname_html2 = $_POST['htmlname_html2'];
$result3 = dbcount("(htmlname_usergroup)", DB_HTMLNAME_TABLE, "htmlname_usergroup = '".$usergroup."'");
if($result3 != 0){
$update = dbquery("UPDATE ".DB_HTMLNAME_TABLE." SET htmlname_html = '".$htmlname_html1."', htmlname_html2 = '".$htmlname_html2."' WHERE htmlname_usergroup = '".$usergroup."'");
}else{
$insert = dbquery("INSERT INTO ".DB_HTMLNAME_TABLE." (htmlname_id, htmlname_usergroup, htmlname_html, htmlname_html2, use_group) VALUES (NULL, '".$usergroup."', '".$htmlname_html1."', '".$htmlname_html2."', '1');");
}
} answered
Example? Source?
answered
http://www.php-fusion.co.uk/infusions/addondb/view.php?addon_id=470
for stripinput is need on the filter clean before on file admin htmlnames_admin.php
$usergroup = stripinput($_POST['htmlname_usergroup']);
$htmlname_html1 = stripinput($_POST['htmlname_html1']);
$htmlname_html2 = stripinput($_POST['htmlname_html2']);
for on infusion.php is bad the number value is big.
varchar 255 big text not null big
for stripinput is need on the filter clean before on file admin htmlnames_admin.php
$usergroup = stripinput($_POST['htmlname_usergroup']);
$htmlname_html1 = stripinput($_POST['htmlname_html1']);
$htmlname_html2 = stripinput($_POST['htmlname_html2']);
for on infusion.php is bad the number value is big.
htmlname_usergroup VARCHAR( 255 ) NOT NULL,htmlname_html TEXT NOT NULL,htmlname_html2 TEXT NOT NULL,varchar 255 big text not null big
answered
Don't hurry up, the input should be checked, but it is not a security vulnerable. You have to have admin rights for this infusion.
All table columns have wrong / too big values ;)
All table columns have wrong / too big values ;)
answered
if to receive administrator password is bad on it.
answered
When you have got admin access, you can do what you want (custom pages, panels, and so on).
answered
If not on administrator only find her password is problem form look in direction of database and user can reject password decryption for her password and she wants to enter it for user info panel she have access upon the side of administrator.
answered
Oh man stop arguing about this topic, I don't understand it and you're right, it should be fixed, but it is not a big deal...
answered
dears help situations under the ties for author secure.
answered
Thread is not very clear to say the least. Mongose's response is very hard to understand. Question asked and answered, this is not a security issue.
Locked.
Mongose, if you are having a hard time with the language, please make some effort using google translate or some other tool.
Locked.
Mongose, if you are having a hard time with the language, please make some effort using google translate or some other tool.
Category Forum
Suspected Bugs and Errors - 8Labels
None yet
Statistics
- Views 0 views
- Posts 9 posts
- Votes 0 votes
- Topic users 3 members
3 participants
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions