Closed 726232111 closed 1 year ago
@726232111 this is not to access to "Example: https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md" It's not found!
Hello, you can now access the example
? @.***
------------------ Original ------------------ From: @.>; Send time: Monday, Oct 10, 2022 3:34 PM @.>; @.>; @.>; Subject: Re: [bcit-ci/CodeIgniter] Database fields can cause sql injection (Issue #6161)
@726232111 this is not to access to "Example: https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md" It's not found!
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>
The link is still unavailable
Sorry, you can access it now
? @.***
------------------ Original ------------------ From: @.>; Send time: Monday, Oct 10, 2022 7:58 PM @.>; @.>; @.>; Subject: Re: [bcit-ci/CodeIgniter] Database fields can cause sql injection (Issue #6161)
The link is still unavailable
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>
Sorry, you can access it now
Still can't?
I managed to have a look before your repo went away.
Considering that all the following were happening:
information_schema
as the main database;... then I don't know what else is much left to say here. Unless you really have a real-life, production situation where this happened, this is only carelessly programming and SQL injection should be the last thing to consider.
Last, but not least: we have information about how (and where) security reports should be done in the README
file.
😄
Seems like this is the root cause of an authentication bypass as explained by LiveOverlow: https://www.youtube.com/watch?v=2vAr9K5chII.
Seems like this is the root cause of an authentication bypass as explained by LiveOverlow: https://www.youtube.com/watch?v=2vAr9K5chII.
Seems like you haven't noticed that 1) the video is on CI4 (this is CI3) 2) the actual bug is in the controller (specifically the input validation), not in CI query builder...
Is the vulnerability which is shown in the video reported as a bug somewhere? It does look like a relatively easy mistake for inexperienced developers to make. At least the documentation should explain that keys won't be sql-escaped, if it doesn't already make that clear.
using user input in sql queries as field identifiers is just asking for trouble. Even prepared statements don't work in this way.
Yes, this is a bug in an app, not in a framework, and the article is about CI4, but the same thing goes with CI3.
Authentication Bypass in CodeIgniter Due to Empty SQL Where Clause https://liveoverflow.com/authentication-bypassing-in-codeigniter-due-to-empty-where-clause/
_wh()、_where_in()、_like() do not filter on query fields, If the developer incorrectly receives the query fields from the client, it can lead to SQL injection.
Example: https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md
I'm not sure if this is assessed as a security issue.