Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User input validation needed to prevent SQL injections #24

Open
real-lake050317 opened this issue Jan 17, 2022 · 1 comment · Fixed by #25
Open

User input validation needed to prevent SQL injections #24

real-lake050317 opened this issue Jan 17, 2022 · 1 comment · Fixed by #25
Assignees
@real-lake050317
Labels
Vulnerability Security malfunctions; in threat of SQL injection, MITM, etc. .

Comments

@real-lake050317
Copy link
Member

User input validation needed to prevent SQL injections
-> in comment & search section
@real-lake050317
Copy link
Member Author

real-lake050317 commented Jan 20, 2022
edited 

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ';--%' OR `s_name` LIKE '%';--%' OR `s_homepage` LIKE '%';--%' OR `s_email` LIKE ' at line 1
Warning: Invalid argument supplied for foreach() in /srv/http/kmla/src/content/searchall.php on line 130

Warning: Invalid argument supplied for foreach() in /srv/http/kmla/src/content/searchall.php on line 157

Warning: Invalid argument supplied for foreach() in /srv/http/kmla/src/content/searchall.php on line 116

Warning: Invalid argument supplied for foreach() in /srv/http/kmla/src/content/searchall.php on line 99

Error occurs when ';-- is submitted to searchbox

@real-lake050317 real-lake050317 self-assigned this Jan 20, 2022
@real-lake050317 real-lake050317 added Vulnerability Security malfunctions; in threat of SQL injection, MITM, etc. . and removed Vulnerability Security malfunctions; in threat of SQL injection, MITM, etc. . labels Jan 20, 2022
@real-lake050317 real-lake050317 linked a pull request Jan 20, 2022 that will close this issue
Update searchall.php #25
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@real-lake050317 real-lake050317

Labels
Vulnerability Security malfunctions; in threat of SQL injection, MITM, etc. .
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update searchall.php kmladotnet/kmlaonline
1 participant
@real-lake050317