Questions about RevCMS vulnerabilities scan
I did a scan of my Lewislol 3,2 edit of RevCMS and this is what I got listed under "SQL Injection".
My question is: are these possible exploits? And how do I fix these?
in class.forms.php
Code:
$result = mysql_query("SELECT title, id FROM cms_news WHERE id != '" . $engine->secure($_GET['id']) . "' ORDER BY id DESC");
in news.php
Code:
mysql_query("INSERT INTO site_news_comments (article, userid, comment, posted_on, author) VALUES ('".htmlentities($_GET['id'])."', '".$_SESSION['userid']."', '".filter($comment)."', '".$posted_on."', '" . $_SESSION['user']['username']. "');");
also in news.php
Code:
$getComments = mysql_query("SELECT * FROM site_news_comments WHERE article = '".htmlentities($_GET['id'])."' ORDER by id DESC");
Re: Questions about RevCMS vulnerabilities scan
Well, I doubt htmlentities will remove any possible injections. Use mysql_real_escape_string() or, even better, update it all to PDO.
Always use mysql_real_escape_string() to escape user input that might be used to exploit; think of $_POST, $_GET and $_COOKIE.
Quote: Originally Posted by PR0
What are the errors?
There are no errors. Read opening post again please.
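The PDO route suggested in the reply above, applied to the three queries from the opening post, as an added example that is not part of the thread or of RevCMS. Table and column names come from the posted queries; the in-memory SQLite database, the helper function names and the sample inputs are assumptions made so the script runs on its own.

```php
<?php
// Added example, not RevCMS code. For MySQL, swap the DSN for
// 'mysql:host=...;dbname=...;charset=utf8mb4' and pass credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema and rows, shaped after the columns in the posted queries.
$pdo->exec('CREATE TABLE cms_news (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec('CREATE TABLE site_news_comments (id INTEGER PRIMARY KEY, article INTEGER,
            userid INTEGER, comment TEXT, posted_on TEXT, author TEXT)');
$pdo->exec("INSERT INTO cms_news (id, title) VALUES (1, 'First'), (2, 'Second')");

// Hypothetical helper: accept only a positive integer as an article id.
function articleId($raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// class.forms.php query, with the id bound instead of concatenated.
function otherNews(PDO $pdo, int $id): array {
    $st = $pdo->prepare('SELECT title, id FROM cms_news WHERE id != :id ORDER BY id DESC');
    $st->execute([':id' => $id]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// news.php INSERT: every value, including session data, is a bound parameter.
function addComment(PDO $pdo, int $article, int $userId, string $author, string $comment): void {
    $st = $pdo->prepare('INSERT INTO site_news_comments (article, userid, comment, posted_on, author)
                         VALUES (:article, :userid, :comment, :posted_on, :author)');
    $st->execute([':article' => $article, ':userid' => $userId, ':comment' => $comment,
                  ':posted_on' => date('Y-m-d H:i:s'), ':author' => $author]);
}

// news.php SELECT for the comment list.
function getComments(PDO $pdo, int $article): array {
    $st = $pdo->prepare('SELECT * FROM site_news_comments WHERE article = :article ORDER BY id DESC');
    $st->execute([':article' => $article]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['id'], the session and the comment form.
var_dump(articleId("1' OR '1'='1"));   // a non-integer id fails validation
$id = articleId('1');
addComment($pdo, $id, 7, 'demo_user', "it's <b>quoted</b>'); --");
print_r(otherNews($pdo, $id));
foreach (getComments($pdo, $id) as $row) {
    // HTML-encode when printing the stored text, not when building SQL.
    echo htmlspecialchars($row['author'] . ': ' . $row['comment'], ENT_QUOTES, 'UTF-8'), "\n";
}
```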
Re: Questions about RevCMS vulnerabilities scan
Quote: Originally Posted by The General
Well, I doubt htmlentities will remove any possible injections. Use mysql_real_escape_string() or, even better, update it all to PDO.
Always use mysql_real_escape_string() to escape user input that might be used to exploit; think of $_POST, $_GET and $_COOKIE.
There are no errors. Read opening post again please.
If there is a SQL vulnerability it is an error. If he scanned his site, he's most likely using Acunetix. The report is more useful and understandable to me than the queries.