List: oss-security
Subject: Re: [oss-security] Open Source Tool | MPT: Pentest In Action!
From: Solar Designer <solar () openwall ! com>
Date: 2023-06-23 11:38:56
Message-ID: 20230623113856.GA7102 () openwall ! com
I think I overlooked two things:

On Fri, Jun 23, 2023 at 01:22:17PM +0200, Solar Designer wrote:
> On Thu, Jun 22, 2023 at 06:05:14PM +0530, Jyoti Raval wrote:
> > Managing Pentest (MPT: Pentest In Action) [image: HITBSecConf HITB2022SIN]
> > <https://conference.hitb.org/hitbsecconf2022sin/session/mpt-pentest-in-action/>
>
> This isn't a topic for oss-security. But per the above, an Open Source
> security tool announced for the first time nevertheless is.

While the code is technically open source, for it to be on-topic here
it'd have to be under an Open Source license - and there's no license
currently specified in the GitHub repo. Jyoti, please fix this.

> > Github - https://github.com/jenyraval/MPT
> live_edit.php:
> $input = filter_input_array(INPUT_POST);
> if ($input['action'] == 'edit') {
> $update_field='';
> if(isset($input['status'])) {
> $update_field.= "status='".$input['status']."'";
> }
> if($update_field && $input['id']) {
> $sql_query = "UPDATE issuedetails SET $update_field WHERE id='" . $input['id'] . "'";
> mysqli_query($db, $sql_query) or die("database error:". mysqli_error($conn));
>
> (Yes, the lack of indentation is in the original.)
>
> Apparently, no escaping nor filtering is actually performed here, and
> also no use of prepared statements. Likely (post-authentication?) SQL
> injection possibility. OVE-20230623-0003

Actually, this looks pre-authentication. Most of this project's PHP
files include session.php, which attempts an authentication check, but
live_edit.php does not include it.

Alexander
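
Added example (not part of the original message and not code from the MPT repository): the status update from the quoted live_edit.php rewritten with bound parameters and an authentication gate that runs before any query. PDO with in-memory SQLite stands in for the project's mysqli connection so the block runs offline; the function name `update_issue_status` and its `$authenticated` flag are hypothetical stand-ins for whatever check session.php performs.

```php
<?php
// Added example, not code from the MPT repository.
// Assumptions: in-memory SQLite via PDO replaces the project's mysqli
// connection; $authenticated stands in for the check done by session.php.

function update_issue_status(PDO $db, array $input, bool $authenticated): int
{
    // Refuse before touching the database when there is no valid session.
    if (!$authenticated) {
        throw new RuntimeException('authentication required');
    }
    if (($input['action'] ?? '') !== 'edit' || !is_string($input['status'] ?? null)) {
        return 0;
    }
    // The id must be a positive integer, not an arbitrary string.
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return 0;
    }
    // Placeholders keep both values out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE issuedetails SET status = :status WHERE id = :id');
    $stmt->execute([':status' => $input['status'], ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed sample data: two issues, both open.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE issuedetails (id INTEGER PRIMARY KEY, status TEXT)');
$db->exec("INSERT INTO issuedetails (id, status) VALUES (1, 'open'), (2, 'open')");

// A status containing a quote is bound as data; only the row with id 1 is targeted.
$input = ['action' => 'edit', 'id' => '1', 'status' => "won't fix"];
$changed = update_issue_status($db, $input, true);
$rows = $db->query('SELECT id, status FROM issuedetails ORDER BY id')
           ->fetchAll(PDO::FETCH_KEY_PAIR);
var_dump($changed, $rows);

// Without a session the request is rejected before any query runs.
try {
    update_issue_status($db, $input, false);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```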