Project: Github Paroxyste/Simply-Blog 20190102

Vulnerability: #9224518 (2019-01-02 06:08:03)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink @FUNCTION::mysqli_query
Risk _GET
/Simply-Blog-master/posts/post.php:122 (show/hide source)
102          </form>
103        </div>
104      </div>
105    </nav>
106  
107    <div class="page-header header-filter clear-filter" style="background-image: url('../assets/img/bg0.jpg');">
108      <div class="container">
109        <div class="row">
110          <div class="col-md-8 ml-auto mr-auto">
111            <div class="brand">
112              <h1>Simply Blog</h1>
113              <h3 class="title">A simple but efficient blogging CMS !</h3>
114            </div>
115          </div>
116        </div>
117      </div>
118    </div>
119  
120    <?php
121      if(isset($_GET["SearchButton"])) {
122 $Search = $_GET["Search"];
123 $ViewQuery = "SELECT * FROM admin_panel WHERE datetime LIKE '%$Search%' 124 OR title LIKE '%$Search%' OR category LIKE '%$Search%' OR post LIKE '%$Search%'";
Threat level 1

Callstack:

@INLINE::/Simply-Blog-master/posts/post.php /Simply-Blog-master/posts/post.php:130 (show/hide source)
110          <div class="col-md-8 ml-auto mr-auto">
111            <div class="brand">
112              <h1>Simply Blog</h1>
113              <h3 class="title">A simple but efficient blogging CMS !</h3>
114            </div>
115          </div>
116        </div>
117      </div>
118    </div>
119  
120    <?php
121      if(isset($_GET["SearchButton"])) {
122        $Search = $_GET["Search"];
123        $ViewQuery = "SELECT * FROM admin_panel WHERE datetime LIKE '%$Search%' 
124                      OR title LIKE '%$Search%' OR category LIKE '%$Search%' OR post LIKE '%$Search%'";
125        } else {
126          $PostIdFromURL = $_GET["id"];
127          $ViewQuery = "SELECT * FROM admin_panel WHERE id='$PostIdFromURL' ORDER BY id DESC";
128        };
129  
130 $Execute = mysqli_query($Connection, $ViewQuery);
131 while($DataRows = mysqli_fetch_array($Execute)) { 132 $PostId = $DataRows["id"];