jenyraval
commented
5 years ago @fbogner Appreciate you time in reviewing!
I am in process of fixing sec-bugs, shall commit code once I am done.
Thanks!
Closed fbogner closed 5 years ago
jenyraval
commented
5 years ago @fbogner Appreciate you time in reviewing!
I am in process of fixing sec-bugs, shall commit code once I am done.
Thanks!
jenyraval
commented
5 years ago changes merged to master.
Thanks for reporting!
As this tool has also been introduced on the Full Disclosure mailing list I got interested and took a brief look at its source code. Thereby I detected several SQL injections:
For example see https://github.com/jenyraval/Phishing-Simulation/blob/master/phishClient/test.php
$testcode = htmlspecialchars($_POST['testcode']); $empid = htmlspecialchars($_POST['empid']); $query = "insert into employee (testcode,empid) values ('$testcode','$empid');";By setting the post param testcode to 1’ the resulting SQL statement is: insert into employee (testcode,empid) values ('1'','12'); -> a first proof that this is exploitable
With the help of SQLmap this can even be automated:
There are further files that show signs of SQL injections: https://github.com/jenyraval/Phishing-Simulation/blob/master/AdminPanel/setup2.php https://github.com/jenyraval/Phishing-Simulation/blob/master/AdminPanel/analysis.php https://github.com/jenyraval/Phishing-Simulation/blob/master/phishClient/result.php
Please always use parameterized queries! Especially if you create a security-focused application ;-)