Open aqlnce-af opened 4 years ago
Looks like it could be. However, the reference implementation contains
Function is_clientid validates this parameter before it's included in the SQL query. Probably a good idea to fix the SQL query form anyway, but the ctype_digit filter I suspect should prevent exploitability here in practice.
https://github.com/Yubico/yubikey-val/blob/master/ykval-synclib.php#L94
Is this not a SQL injection vulnerability?
$res = $this->db->customQuery("SELECT id, secret FROM clients WHERE active='1' AND id='" . $client . "'");
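
The two layers discussed in this thread, a digits-only check and a parameterized form of the query, shown together as an added example (not code from yubikey-val). `validate_client_id`, `lookup_client`, the 16-character cap, the in-memory SQLite database (needs `pdo_sqlite`, PHP 8+) and the sample rows are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical validator (not the project's is_clientid): digits only, bounded length.
function validate_client_id(mixed $client): bool
{
    // ctype_digit() treats small integers as ASCII codes rather than digits,
    // so require a string before calling it.
    return is_string($client)
        && $client !== ''
        && strlen($client) <= 16   // assumed length cap
        && ctype_digit($client);
}

// Hypothetical lookup: validation first, then a bound parameter instead of concatenation.
function lookup_client(PDO $db, mixed $client): ?array
{
    if (!validate_client_id($client)) {
        return null;               // rejected before any SQL is built
    }
    $stmt = $db->prepare(
        "SELECT id, secret FROM clients WHERE active = '1' AND id = :id"
    );
    $stmt->execute([':id' => $client]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data, for the demonstration only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE clients (id INTEGER PRIMARY KEY, secret TEXT, active TEXT)");
$db->exec("INSERT INTO clients VALUES (1, 'c2FtcGxl', '1'), (2, 'ZGlzYWJsZWQ=', '0')");

// Constructed inputs: an active id, an inactive id, trailing whitespace,
// an embedded quote, an empty string, and a non-string integer.
$inputs = ['1', '2', '1 ', "12'34", '', 1];
foreach ($inputs as $in) {
    $row = lookup_client($db, $in);
    printf("%-10s => %s\n", var_export($in, true),
        $row !== null ? "found id={$row['id']}" : 'rejected or not found');
}
```

With the bound parameter in place, the query stays safe even if a future caller reaches it without going through the validator.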