Project: Github Paroxyste/Simply-Blog 20190102

Vulnerability: #9224517 (2019-01-02 06:08:03)

Warning

Many of the findings listed here are false positives or are not exploitable. Please confirm a finding with a working proof of concept (PoC) before reporting anything to the vendor!

Details:

Sink Standard::header
Risk _GET
/Simply-Blog-master/posts/post.php:15 (show/hide source)
1  <?php
2  
3  require_once("../includes/database.php");
4  require_once("../includes/sessions.php");
5  require_once("../includes/functions.php");
6  
7  if(isset($_POST["submit"])) {
8  	$Name = mysqli_real_escape_string($Connection, $_POST["Name"]);
9  	$Email = mysqli_real_escape_string($Connection, $_POST["Email"]);
10  	$Comment = mysqli_real_escape_string($Connection, $_POST["Comment"]);
11  	$CurrentTime = time();
12  	$DateTime = date('d M Y', $CurrentTime);
13  	$DateTime;
14    $Author = "Laurent Echeverria";
15 $PostId = $_GET["id"];
16 17 if(empty($Name) || empty($Email) || empty($Comment)) {
Threat level 2

Callstack:

@FUNCTION::Redirect_to /Simply-Blog-master/includes/functions.php:3 (show/hide source)
1  <?php
// Redirect_to($New_Location): emits a "Location:" response header built by plain
// string concatenation with the argument, then ends the script with exit.
//
// NOTE(review): this is the sink named in the finding (functions.php:3). Nothing in
// the function validates or encodes $New_Location, so whatever the caller passes is
// what goes into the header. In post.php the argument is "post.php?id={$PostId}",
// and $PostId is read straight from $_GET["id"].
// PHP's header() has refused values containing line breaks since 5.1.2, which limits
// response splitting, but an unvalidated id still lets a request shape the query
// string of the redirect. Mitigation belongs at the call site: accept the id only
// if it is an integer (for example with filter_var() and FILTER_VALIDATE_INT), or
// pass it through urlencode() when building the URL.
2      function Redirect_to($New_Location) {
3 header("Location:" . $New_Location);
// exit stops execution so no page body is rendered after the redirect header.
4 exit; 5 };
@INLINE::/Simply-Blog-master/posts/post.php /Simply-Blog-master/posts/post.php:33 (show/hide source)
13  	$DateTime;
14    $Author = "Laurent Echeverria";
15    $PostId = $_GET["id"];
16  
// Comment-submission branch of post.php: checks the three form fields, stores the
// comment with status 'Off', records a flash message in $_SESSION and redirects back
// to the post. The two validation-failure branches only set the error message; no
// redirect is visible for them in this listing.
17  	if(empty($Name) || empty($Email) || empty($Comment)) {
18  		$_SESSION["ErrorMessage"] = "All Fileds Are Required !";
19  
    // strlen() counts bytes, so multi-byte text reaches the 160 limit sooner than 160 characters.
20  	} elseif(strlen($Comment) > 160) {
21  		$_SESSION["ErrorMessage"] = "Only 160 characters are allowed in comment.";
22  	} else {
    // NOTE(review): $PostIdFromURL is copied from $_GET["id"] and interpolated into the
    // INSERT below without escaping or type checking. $Name, $Email and $Comment were
    // passed through mysqli_real_escape_string() on lines 8-10 of the listing; this
    // value was not, so the query is exposed to SQL injection. The header-sink finding
    // on this page does not cover it. Preferred fix: a prepared statement
    // (mysqli_prepare() with bind_param()) and an id that is validated as an integer
    // before use.
23      $PostIdFromURL = $_GET["id"];
24      $Query = "INSERT INTO comments (datetime, name, email, comment, status, admin_panel_id)
25                VALUES ('$DateTime', '$Name', '$Email', '$Comment', 'Off', '$PostIdFromURL')";
26  		$Execute = mysqli_query($Connection, $Query);
27  
28  		if($Execute) {
29  			$_SESSION["SuccessMessage"] = "Comment Submitted Successfully !";
    // NOTE(review): $PostId is the raw $_GET["id"] assigned on line 15. Both
    // Redirect_to() calls below place it in the Location header unchanged; this is the
    // _GET -> header() data flow the scanner reports (post.php:33). Validating the id
    // as an integer once, where it is first read, covers both the redirect and the
    // query above.
30  			Redirect_to("post.php?id={$PostId}");
31  		} else {
32  			$_SESSION["ErrorMessage"] = "Something went wrong, Try Again !";
33 Redirect_to("post.php?id={$PostId}");
34 }; 35 };