bcit-ci / CodeIgniter

Open Source PHP Framework (originally from EllisLab)
https://codeigniter.com/
MIT License

Database fields can cause sql injection #6161

Closed 726232111 closed 1 year ago

726232111 commented 1 year ago

_wh(), _where_in() and _like() do not filter the query fields. If the developer incorrectly receives the query fields from the client, it can lead to SQL injection.

Example: https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md

I'm not sure if this is assessed as a security issue.

1573920133 commented 1 year ago

@726232111 this is not accessible: "Example: https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md". It's not found!

726232111 commented 1 year ago

Hello, you can now access the example

ert-vivien commented 1 year ago

The link is still unavailable

726232111 commented 1 year ago

Sorry, you can access it now

ert-vivien commented 1 year ago

> Sorry, you can access it now

Still can't?

gxgpet commented 1 year ago

I managed to have a look before your repo went away.

Considering that all the following were happening:

  1. You were using the information_schema as the main database;
  2. You were allowing user input unsanitized/without any pre-DB checks as a database value;
  3. You allowed the column name to be entirely decided by a GET value.

... then I don't know what else is much left to say here. Unless you really have a real-life, production situation where this happened, this is only careless programming, and SQL injection should be the last thing to consider.

Last, but not least: we have information about how (and where) security reports should be done in the README file.

Liki4 commented 1 year ago

😄

MikeDombo commented 1 year ago

Seems like this is the root cause of an authentication bypass as explained by LiveOverflow: https://www.youtube.com/watch?v=2vAr9K5chII.

bunglegrind commented 1 year ago

> Seems like this is the root cause of an authentication bypass as explained by LiveOverflow: https://www.youtube.com/watch?v=2vAr9K5chII.

Seems like you haven't noticed that 1) the video is on CI4 (this is CI3) 2) the actual bug is in the controller (specifically the input validation), not in CI query builder...

MikeDombo commented 1 year ago

Is the vulnerability which is shown in the video reported as a bug somewhere? It does look like a relatively easy mistake for inexperienced developers to make. At least the documentation should explain that keys won't be sql-escaped, if it doesn't already make that clear.

bunglegrind commented 1 year ago

Using user input in SQL queries as field identifiers is just asking for trouble. Even prepared statements don't work in this way.

kenjis commented 1 year ago

Yes, this is a bug in an app, not in a framework, and the article is about CI4, but the same thing goes with CI3.

Authentication Bypass in CodeIgniter Due to Empty SQL Where Clause https://liveoverflow.com/authentication-bypassing-in-codeigniter-due-to-empty-where-clause/
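The two points made above, that a database driver cannot bind a column name the way it binds a value, and that a query built from an empty set of conditions silently loses its WHERE clause, in plain PHP with PDO over an in-memory SQLite database. This is an added example, not CodeIgniter's own code, and it does not use the CI query builder; the users table, its rows, the find_users() helper and its allow-list are constructed for the example, and running it needs the pdo_sqlite extension.

```php
<?php
// Added example (not CodeIgniter code): PDO + in-memory SQLite.
// Shows (1) a bound parameter is always a value, never an identifier,
// (2) an application-side allow-list is the way to accept a column name
//     from the request, and (3) an empty filter set is refused rather
//     than turned into "SELECT ... FROM users" with no WHERE clause.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data for the example.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password_hash TEXT)');
$pdo->exec("INSERT INTO users (username, email, password_hash) VALUES
            ('admin', 'admin@example.test', 'hash-a'),
            ('bob',   'bob@example.test',   'hash-b')");

// (1) Binding 'username' as a parameter selects the literal string 'username',
//     not the column: prepared statements cannot parameterise identifiers.
$stmt = $pdo->prepare('SELECT ? AS col FROM users LIMIT 1');
$stmt->execute(['username']);
echo 'bound identifier yields the literal: ' . $stmt->fetchColumn() . "\n"; // prints "username"

/**
 * Look up users by a set of request-supplied column => value pairs.
 *
 * Column names are compared (strictly) against a fixed allow-list before they
 * are placed in the SQL text; values are bound as parameters. An empty filter
 * set throws, so a request whose expected keys are missing or failed
 * validation can never become an unfiltered query.
 */
function find_users(PDO $pdo, array $filters): array
{
    // Hypothetical allow-list for this example: the only columns a client may filter on.
    static $allowed = ['username', 'email'];

    if ($filters === []) {
        throw new InvalidArgumentException('refusing to query without any filter');
    }

    $clauses = [];
    $values  = [];
    foreach ($filters as $column => $value) {
        if (!in_array($column, $allowed, true)) {
            throw new InvalidArgumentException('column not allowed: ' . $column);
        }
        // Safe to interpolate: $column is one of our own fixed strings.
        $clauses[] = '"' . $column . '" = ?';
        $values[]  = $value;
    }

    $sql  = 'SELECT id, username, email FROM users WHERE ' . implode(' AND ', $clauses);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($values);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// (2) Normal lookup: allow-listed identifier, bound value.
print_r(find_users($pdo, ['username' => 'bob']));

// (3) Request-shaped inputs that must not reach the database as written:
//     a column that is not on the allow-list, and an empty filter set.
foreach ([['password_hash' => 'hash-a'], []] as $rejected) {
    try {
        find_users($pdo, $rejected);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```

The allow-list is the important part: quoting or escaping a column name taken from the request would still let the client pick any column (password_hash included), whereas the fixed list decides which columns are queryable at all. Refusing the empty set is what closes the bypass described in the linked article: if validation strips every key the caller expected, the query fails loudly instead of matching every row.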