Description: The application does not sanitize its URIs or SQL queries created from user inputs, such as account creation fields, adding friends, comments, posts or editing profiles.
Potential Impact: The SQL injection vulnerability allows for an attacker to extract data from the database, including user data such as personal information and login credentials.
Affected part of the application: The database and backend that handles queries.
Type of vulnerability: SQL Injection (https://cwe.mitre.org/data/definitions/89.html)
Added min and max limit as well as character limitation to all the input windows in index, friends, post, comments and profile. This should stop most if not all of the SQL injections, leaving only the URL to fix.
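As an added example (not the project's own code; the table and column names are assumed), the two query-building patterns side by side: the string-concatenated query the report describes, and a parameterized query, which is the standard remedy for CWE-89 regardless of any length cap. A legitimate username containing an apostrophe is enough to show the difference.

```python
import sqlite3

# Constructed in-memory database standing in for the application's user table
# (hypothetical schema; the report does not show the real one).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("o'brien", "obrien@example.test")],
    )
    return conn

MAX_LEN = 32  # the kind of input length cap the fix above adds

def lookup_concatenated(conn, username: str):
    """Vulnerable pattern: the input is spliced into the SQL text, so a quote
    in it changes the statement's structure. The length cap does not change
    that; a short input is enough."""
    if len(username) > MAX_LEN:
        raise ValueError("username too long")
    sql = "SELECT id, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, username: str):
    """Fixed pattern: the statement text is constant and the value is bound
    separately, so the driver treats the quote as data, not syntax."""
    if len(username) > MAX_LEN:
        raise ValueError("username too long")
    sql = "SELECT id, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def concatenated_breaks_on_quote(username: str = "o'brien") -> bool:
    """True when the concatenated query fails for a legitimate name with an
    apostrophe, i.e. the user input altered the statement's structure."""
    conn = make_db()
    try:
        lookup_concatenated(conn, username)
        return False
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    print(lookup_parameterized(make_db(), "o'brien"))
    print("concatenated query broken by apostrophe:", concatenated_breaks_on_quote())
```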