objecttothis
> This was a concrete example https://huntr.com/bounties/eccf7762-efb4-4db6-a1de-1030331f34d7 OK if someone else doesn't get to it then I'll try it on Monday when I'm working on this project again.
@jekkos it doesn't give me access to your dashboard. Are you able to either email it to me or send the report and example to the devroom in glitter? I'm...
@jekkos I think I'm just too much of a sucker for a good vulnerability hunt. I couldn't wait until Monday. Unfortunately here is the SQL being generated: `SELECT *...`
If we want to use CodeIgniter's validation engine, it wouldn't be too difficult to write a custom rule. You can even pass the acceptable sort columns to the rule. It's...
Take a look at the query I posted. That's the result of $builder->getCompiledSelect(). It runs the injected select which just produces '1' on my database rather than enumerating tables, however...
Good ole' `Johnny DROP TABLES`
One way to make these scripts more resilient is to add if statement checks to the scripts to only run the commands if the change doesn't already exist. I'm surprised...
Hmmm. I'm using MySQL 8. I'm not sure why MySQL 8 can't handle a check to see if the constraint exists. Probably a good way forward is to have people...
@jekkos I've never used docker when installing ospos. Can you confirm for me that docker is only running database.sql from a built ospos to create a clean database and not...