Skip to content

SQL injection #17

Open
Open
SQL injection#17
@Gabriel-Lacorte

Description

@Gabriel-Lacorte
Gabriel-Lacorte
opened on May 7, 2024

Hello, I found a flaw in your code,
Several SQL queries that are performed are vulnerable to SQL injection.
Example:
https://github.com/PyFarsi/pyabr/blob/main/cloudprotocol/push.php

$sql = "SELECT password FROM users WHERE username='$username'";

Other vulnerable files are:
https://github.com/PyFarsi/pyabr/blob/main/cloudprotocol/inbox.php
https://github.com/PyFarsi/pyabr/blob/main/cloudprotocol/getkey.php

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions