
List:       oss-security
Subject:    Re: [oss-security] Open Source Tool | MPT: Pentest In Action!
From:       Solar Designer <solar () openwall ! com>
Date:       2023-06-23 11:38:56
Message-ID: 20230623113856.GA7102 () openwall ! com

I think I overlooked two things:

On Fri, Jun 23, 2023 at 01:22:17PM +0200, Solar Designer wrote:
> On Thu, Jun 22, 2023 at 06:05:14PM +0530, Jyoti Raval wrote:
> > Managing Pentest (MPT: Pentest In Action) [image: HITBSecConf HITB2022SIN]
> > <https://conference.hitb.org/hitbsecconf2022sin/session/mpt-pentest-in-action/>
> 
> This isn't a topic for oss-security.  But per the above, an Open Source
> security tool announced for the first time nevertheless is.

While the code is technically open source, for it to be on-topic here
it'd have to be under an Open Source license - and there's no license
currently specified in the GitHub repo.  Jyoti, please fix this.

> > Github - https://github.com/jenyraval/MPT

> live_edit.php:
> $input = filter_input_array(INPUT_POST);
> if ($input['action'] == 'edit') {
> $update_field='';
> if(isset($input['status'])) {
> $update_field.= "status='".$input['status']."'";
> }
> if($update_field && $input['id']) {
> $sql_query = "UPDATE issuedetails SET $update_field WHERE id='" . $input['id'] . "'";
> mysqli_query($db, $sql_query) or die("database error:". mysqli_error($conn));
> 
> (Yes, the lack of indentation is in the original.)
> 
> Apparently, no escaping nor filtering is actually performed here, and
> also no use of prepared statements.  Likely (post-authentication?) SQL
> injection possibility.  OVE-20230623-0003

Actually, this looks pre-authentication.  Most of this project's PHP
files include session.php, which attempts an authentication check, but
live_edit.php does not include it.

Alexander
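As an added illustration (this is not code from the MPT project or from the thread above), here is what the quoted "edit" branch of live_edit.php looks like once the two problems named in the message are addressed: the missing include of session.php, and the string-concatenated UPDATE replaced by a mysqli prepared statement with the id validated as an integer. It assumes the same `$db` mysqli handle, the same `issuedetails(id, status)` table, and that the project's session.php performs the authentication check the post describes; with the original code, an id such as `1' OR '1'='1` would yield `... WHERE id='1' OR '1'='1'`, whereas here the value is bound and never parsed as SQL.

```php
<?php
// Hardened version of the live_edit.php "edit" branch (added example, not
// the project's code). Assumptions: $db is the mysqli handle the page uses,
// issuedetails has an integer primary key `id` and a `status` column, and
// session.php enforces authentication (as described in the post).
require_once __DIR__ . '/session.php';   // the check live_edit.php omits

$input = filter_input_array(INPUT_POST) ?: [];

if (isset($input['action']) && $input['action'] === 'edit') {
    // Column names cannot be bound as parameters, so only whitelisted
    // columns may ever reach the SQL text; values go through placeholders.
    $allowed = ['status'];
    $fields = [];
    $params = [];
    foreach ($allowed as $col) {
        if (isset($input[$col])) {
            $fields[] = "$col = ?";
            $params[] = (string) $input[$col];
        }
    }

    // id is a numeric key: validate it rather than quoting it into the query.
    // filter_var returns false for missing, non-numeric or injected input.
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT);

    if ($fields && $id !== false) {
        $sql = 'UPDATE issuedetails SET ' . implode(', ', $fields) . ' WHERE id = ?';
        $stmt = mysqli_prepare($db, $sql);
        if ($stmt === false) {
            http_response_code(500);
            die('database error: ' . mysqli_error($db));
        }

        // One 's' per whitelisted column value, then 'i' for the id. The
        // values are sent separately from the SQL text, so a status such as
        // "x' OR 1=1 -- " is stored literally instead of altering the query.
        $types = str_repeat('s', count($params)) . 'i';
        $params[] = $id;
        mysqli_stmt_bind_param($stmt, $types, ...$params);

        if (!mysqli_stmt_execute($stmt)) {
            http_response_code(500);
            die('database error: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    }
}
```

Note that the whitelist is what keeps the column-name side of the query safe: prepared statements protect values, not identifiers, so the "which field to update" decision must stay server-side. The example also reports errors against `$db`, the handle actually used for the query, rather than a differently named variable.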