search

kmcdon83 / DVWA

Damn Vulnerable Web Application (DVWA)
http://dvwa.co.uk
GNU General Public License v3.0
0 stars 1 forks source link

CX Second_Order_SQL_Injection @ dvwa/includes/dvwaPage.inc.php [master] #23

Open ghost opened 3 years ago

ghost commented 3 years ago

Second_Order_SQL_Injection issue exists @ dvwa/includes/dvwaPage.inc.php in branch master

Method &dvwaSessionGrab at line 53 of dvwa\includes\dvwaPage.inc.php gets database data from the _SESSION_dvwa element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method <?php at line 1 of vulnerabilities\captcha\source\medium.php. This may enable an Second-Order SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 57

Code (Line #57):

    return $_SESSION[ 'dvwa' ];
ghost commented 3 years ago

Issue still exists.

ghost commented 3 years ago

Issue still exists.

ghost commented 3 years ago

Issue still exists.

ghost commented 3 years ago

Issue still exists.