
[FIX] SQL Level 5, variable should not be inside string single-quotes

Open lacksfish opened this issue 2 years ago • 2 comments

Line 50 $query = "SELECT bookname,authorname FROM books WHERE number =".'$number';

in sql5.php will never work, as '$number' is a string.

Assuming this was an error, this PR fixes this issue.

lacksfish, Mar 11 '22 11:03

I'm contemplating what that line should've looked like

Possible intentions could have been:

$query = "SELECT bookname,authorname FROM books WHERE number ="."'$number'"; or similarly $query = "SELECT bookname,authorname FROM books WHERE number =".$number;

I've also thought about this possibility: $query = "SELECT bookname,authorname FROM books WHERE number ='". $number . "'";

Either way, the current line is bugged, since it is taking $number as the literal string input each time. The value from $_POST['number'] is never used as of now.

lacksfish, Mar 11 '22 12:03

Thank you 👍🏻 I encountered the same issue. None of my static/dynamic scanners were able to spot the vulnerability because there is none. '$number' is not user-controlled data.

JonasPertschy, Jul 21 '22 13:07
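A differential check of the point made in the comments above, as an added example that is not part of the issue thread or the repository: it builds the committed line 50 and the three candidate lines for two different inputs and reports which query strings actually change with the input. The array labels and the `depends_on_input` helper are hypothetical names chosen for illustration; `$number` stands in for `$_POST['number']`.

```php
<?php
// Added example, not code from the repository. Each closure reproduces one
// candidate for line 50 of sql5.php; $number stands in for $_POST['number'].
$builders = [
    // Single-quoted PHP string: no interpolation, so the text "$number" is appended.
    'as committed' => function ($number) {
        return "SELECT bookname,authorname FROM books WHERE number =".'$number';
    },
    // Double-quoted PHP string: $number is interpolated inside SQL quotes.
    'double-quoted' => function ($number) {
        return "SELECT bookname,authorname FROM books WHERE number ="."'$number'";
    },
    // Plain concatenation, value placed in the query without SQL quotes.
    'concatenated' => function ($number) {
        return "SELECT bookname,authorname FROM books WHERE number =".$number;
    },
    // Concatenation with the SQL quotes written into the surrounding strings.
    'quoted concat' => function ($number) {
        return "SELECT bookname,authorname FROM books WHERE number ='". $number . "'";
    },
];

// Differential check: a query that ignores its input is byte-identical
// for two different inputs, so no data flows from the request into it.
function depends_on_input(callable $build): bool
{
    return $build('1') !== $build('2');
}

foreach ($builders as $label => $build) {
    printf(
        "%-14s %-20s %s\n",
        $label,
        depends_on_input($build) ? 'input reaches query' : 'constant query',
        $build('1')
    );
}
```

A query reported as constant has no path from the request to the SQL text, which is the condition under which taint-tracking scanners report nothing for that line.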