
SQL injection vulnerability

Open oxguy3 opened this issue 7 years ago • 2 comments

In getData.php, data is passed directly from the $_GET array to an SQL query. If the user were to pass something malicious in as GET input, they would have complete control of the database. The user input should be passed in as parameters; see http://bobby-tables.com/php for more info about avoiding SQL injection vulnerabilities in PHP.

oxguy3 avatar Mar 29 '17 16:03 oxguy3
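The following is an added illustration of the pattern the comment above describes and of the parameterized fix it recommends. It is not the project's getData.php: the request parameter name (`id`), the `places` table and its columns, the `layer` allowlist and the connection details are all assumptions made for the example.

```php
<?php
// Added example, not the project's own getData.php. The request parameter
// name ("id"), table ("places"), column names and layer list are assumptions.

// --- Vulnerable pattern: user input concatenated into the SQL string. ---
// A request such as  ?id=1 OR 1=1  or  ?id=1; DROP TABLE places;--  changes
// the query's meaning, regardless of what the page's JavaScript normally sends.
function getFeatureVulnerable(PDO $db, array $get): array
{
    $id = $get['id'];
    $sql = "SELECT id, name, ST_AsGeoJSON(geom) AS geojson FROM places WHERE id = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// --- Hardened: prepared statement, input bound as a typed parameter. ---
function getFeatureSafe(PDO $db, array $get): array
{
    // Validate the shape first: reject anything that is not a non-negative integer.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        http_response_code(400);
        return [];
    }
    $stmt = $db->prepare(
        'SELECT id, name, ST_AsGeoJSON(geom) AS geojson FROM places WHERE id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Identifiers (table/column names) cannot be bound as parameters. If the
// client is allowed to choose a layer, map it through an allowlist instead
// of interpolating the raw value.
function getLayerSafe(PDO $db, array $get): array
{
    $layers = ['parks' => 'parks', 'roads' => 'roads'];   // assumed layer names
    $table = $layers[$get['layer'] ?? ''] ?? null;
    if ($table === null) {
        http_response_code(400);
        return [];
    }
    // $table is one of our own constants here, never the raw request value.
    $stmt = $db->prepare("SELECT id, name, ST_AsGeoJSON(geom) AS geojson FROM \"$table\"");
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Assumed connection settings; emulated prepares are turned off so the
// placeholders are handled by PostgreSQL itself.
$db = new PDO('pgsql:host=localhost;dbname=demo', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
header('Content-Type: application/json');
echo json_encode(getFeatureSafe($db, $_GET));
```

The validation step is not a substitute for the bound parameter; the prepared statement is what keeps the value from being parsed as SQL, and the integer check just gives the client a clean 400 instead of a database error.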

And how exactly would a user do that, since the only things passed to getdata.php are variables hard-coded in the JavaScript? There's no form data here.

northlandiguana avatar Mar 29 '17 17:03 northlandiguana

They could simply edit the source code of the web page to allow other values, or even manually build a malicious request with cURL or Postman or some other HTTP utility. You can't trust that the user is going to load your HTML and JS without modifying it; you have to check everything they send you on the server-side.

oxguy3 avatar Mar 29 '17 20:03 oxguy3