Closed
Bug 623979
Opened 14 years ago
Closed 14 years ago
Lack of parameterized queries allows SQL injection on count-update.php
Categories
(www.mozilla.org :: General, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: ygjb, Unassigned)
Details
(Whiteboard: [infrasec:sqlinject][ws:critical])
Issue

The file count-update.php constructs a dynamic SQL query from validated user supplied input. In order to prevent SQL injection attacks it is important to use parameterized statements.

Steps to Reproduce

The current version of count-update.php is not exploitable, but the following lines contain a call to mysql_query using a dynamic SQL query.

    $query = "UPDATE $table SET count=count+$grow WHERE id=$id";
    mysql_query($query, $connection) or throwException(mysql_error());
    print "ok";

Recommended Remediation

To prevent this from occurring, implement parameterized queries for each SQL query in the application. For additional guidance, please refer to https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Preventing_SQL_Injection
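The remediation the report asks for, shown as an added example that is not the count-update.php code from this bug or from the mozilla.org repository: the string-built UPDATE from the report placed beside a PDO prepared statement. The table name cannot be a bound parameter, so it is checked against an allow-list instead of being interpolated from input; the allow-list contents, the `counters` table, the `incrementCount` function and the in-memory SQLite database are all assumptions made so the example runs offline.

```php
<?php
// Added example, not the bug's own code. Demonstrates replacing the dynamic
// query from count-update.php with validation plus a PDO prepared statement.
// Runs against an in-memory SQLite database (assumption) so it needs no server.

declare(strict_types=1);

// ---- Before: the pattern the report flags ---------------------------------
// $query = "UPDATE $table SET count=count+$grow WHERE id=$id";
// mysql_query($query, $connection) or throwException(mysql_error());
// Every interpolated value becomes part of the SQL text, so the statement's
// meaning depends on whether the caller really validated each value.

// ---- After: validate, then bind ------------------------------------------

// Identifiers cannot be bound as parameters, so table names are matched
// against a fixed list. The list itself is an assumption for this example.
const ALLOWED_TABLES = ['counters'];

function incrementCount(PDO $db, string $table, string $grow, string $id): int
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    // FILTER_VALIDATE_INT returns false for anything that is not an integer
    // literal, which is what produces the error for a non-numeric id.
    $idInt   = filter_var($id, FILTER_VALIDATE_INT);
    $growInt = filter_var($grow, FILTER_VALIDATE_INT);
    if ($idInt === false || $growInt === false) {
        throw new InvalidArgumentException('id and grow must be integers');
    }

    // Only the allow-listed identifier is interpolated; the values travel as
    // bound parameters, so the SQL text is fixed before any user data is seen.
    $stmt = $db->prepare("UPDATE $table SET count = count + :grow WHERE id = :id");
    $stmt->bindValue(':grow', $growInt, PDO::PARAM_INT);
    $stmt->bindValue(':id', $idInt, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// ---- Demonstration (constructed data) -------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE counters (id INTEGER PRIMARY KEY, count INTEGER NOT NULL)');
$db->exec('INSERT INTO counters (id, count) VALUES (1, 10), (2, 0)');

// Well-formed request: id=1, grow=5 increments row 1 from 10 to 15.
$rows = incrementCount($db, 'counters', '5', '1');
echo "rows updated: $rows, id 1 now ",
     $db->query('SELECT count FROM counters WHERE id = 1')->fetchColumn(), "\n";

// Non-numeric id: rejected before any SQL is prepared or executed.
try {
    incrementCount($db, 'counters', '5', 'not-a-number');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}

// Unknown table: rejected by the allow-list, never reaches the database.
try {
    incrementCount($db, 'other_table', '5', '1');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The same function works unchanged against MySQL once the `PDO` constructor is given a `mysql:` DSN; the part that matters is that the statement text is fixed at `prepare()` time and the id and increment only ever arrive through `bindValue()`.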
Updated•14 years ago
Whiteboard: [infrasec:sqlinject][ws:critical]
Comment 1•14 years ago
I committed new code that uses PDO. Please review again.
Comment 2•14 years ago
SQL injection corrected.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 3•13 years ago
Verified as fixed on staging. Parameterized queries are used; a non-numeric id results in an error message.
Status: RESOLVED → VERIFIED
Updated•12 years ago
Group: websites-security
Updated•12 years ago
Component: www.mozilla.org → General
Product: Websites → www.mozilla.org