rcoh / gradsearch

gradsearch (re:search) is a website to connect students with professors who study their research interests.
www.gradschoolsearch.org

SQL injection #21

Open dualbus opened 11 years ago

dualbus commented 11 years ago

There are many SQL injection vectors on the website. A quick read of website/util.php makes that evident. Please read http://php.net/manual/en/security.database.sql-injection.php to learn how to fix the vulnerabilities.

This bug is serious. With a tool like sqlmap, someone could steal all the information in your database. If you didn't set up the correct permissions on the tables, malicious users could also delete data or insert administrative users.

Here's one way to trigger it:

http://www.gradschoolsearch.org/search.php?q='

(Just type a single quote into the search input).
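An added illustration, not code from the gradsearch repository or from dualbus: a hypothetical search handler in the shape the report describes (the `q` parameter spliced into the SQL text) beside the prepared-statement version that the linked PHP manual page recommends. Table and column names, the database account and the `professors` schema are assumptions.

```php
<?php
// Added example, not the project's util.php. Schema, table and column names
// and the database credentials below are placeholders.

// Make mysqli throw on SQL errors instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Vulnerable pattern: the user-controlled search string is concatenated
// straight into the SQL text, so a single quote in $q terminates the
// string literal and the rest of $q is parsed as SQL. With q="'" this
// simply fails with a syntax error, which is the symptom in the report.
function search_vulnerable(mysqli $db, string $q): array {
    $sql = "SELECT name, institution FROM professors "
         . "WHERE interests LIKE '%" . $q . "%'";
    return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
}

// Hardened pattern: a prepared statement sends the SQL text and the
// parameter to the server separately, so whatever $q contains is bound
// as data and can never change the structure of the statement.
// The LIKE wildcards are added to the bound value, not to the SQL string.
function search_safe(mysqli $db, string $q): array {
    $stmt = $db->prepare(
        "SELECT name, institution FROM professors WHERE interests LIKE ?"
    );
    $pattern = '%' . $q . '%';
    $stmt->bind_param('s', $pattern);   // 's' = bind as a string
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Minimal handler; only the prepared-statement path is wired up.
// A read-only account limits what a remaining bug could do, which is the
// table-permissions point the report raises (placeholder credentials).
$db = new mysqli('localhost', 'gradsearch_ro', 'CHANGEME', 'gradsearch');
$q  = $_GET['q'] ?? '';
header('Content-Type: application/json');
echo json_encode(search_safe($db, $q));
```

Binding the parameter stops injection but does not stop a caller from supplying their own `%` and `_` wildcards inside `q`; escape those in `$pattern` if the search should treat them literally.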

dualbus commented 11 years ago

GitHub removed the link, here it is: http://www.gradschoolsearch.org/search.php?q='

rcoh commented 11 years ago

Thanks for the heads up -- feel free to send us a pull request :-) We've known about these issues but the website isn't really used so it hasn't been maintained. How did you hear about re:search?

dualbus commented 11 years ago

OK, I'll look at it later. re:search is the first result on Google for the MD5 of www.google.com, i.e. 0a137b375cc3881a70e186ce2172c8d1