Public Exploit 1.1.8 /sql Injection
Posted 21 November 2012 - 03:34 PM
Its only afted on 1.1.8? (i know its a old version)
Was a security hole on the framework or on the developed application(i mean can be a problem with AR or something built-in?) ??
Posted 21 November 2012 - 04:42 PM
His website is still vulnerable to this exploit... this is the code he is using
$q = Yii::app()->getRequest()->getPost("q"); $products = product::model()->findAll(array( "condition" => "enable = 1 AND name like '%" . $q . "%'" ));
Problem is that he is using directly the pased search variable $q, instead of binding for example or sanitizing the input.
Posted 21 November 2012 - 04:47 PM
If somebody has a way please let the website owner know about this exploit.