Project: Github Paroxyste/Simply-Blog 20190102

Vulnerability: #9224520 (2019-01-02 06:08:03)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink PHP::echo
Risk _GET
/Simply-Blog-master/posts/post.php:15 (show/hide source)
1  <?php
2  
3  require_once("../includes/database.php");
4  require_once("../includes/sessions.php");
5  require_once("../includes/functions.php");
6  
7  if(isset($_POST["submit"])) {
8  	$Name = mysqli_real_escape_string($Connection, $_POST["Name"]);
9  	$Email = mysqli_real_escape_string($Connection, $_POST["Email"]);
10  	$Comment = mysqli_real_escape_string($Connection, $_POST["Comment"]);
11  	$CurrentTime = time();
12  	$DateTime = date('d M Y', $CurrentTime);
13  	$DateTime;
14    $Author = "Laurent Echeverria";
15 $PostId = $_GET["id"];
16 17 if(empty($Name) || empty($Email) || empty($Comment)) {
Threat level 2

Callstack:

@INLINE::/Simply-Blog-master/posts/post.php /Simply-Blog-master/posts/post.php:290 (show/hide source)
270                        <p> Don&apos;t forget, You&apos;re Awesome!</p>
271                        <div class="media-footer">
272  
273                          <a href="#pablo" class="btn btn-primary btn-link float-right" rel="tooltip" title="Reply to Comment">
274                            <i class="material-icons">reply</i> Reply
275                          </a>
276  
277                          <a href="#pablo" class="btn btn-link btn-secondary float-right">
278                            <i class="material-icons">favorite</i> 2
279                          </a>
280                        </div>
281                      </div>
282                    </div>
283                  </div>
284                </div>
285              </div>
286  
287              <?php }; ?>
288  
289              <h3 class="title text-center">Post your comment</h3>
290 <form action="post.php?id=<?php echo $PostId; ?>" method="post">
291 <div class="media media-post"> 292 <div class="media-body">