Project: Github Paroxyste/Simply-Blog 20190102

Vulnerability: #9224524 (2019-01-02 06:08:03)

Warning

This output contains many false positives and unexploitable findings. Build a working PoC exploit before reporting anything to the vendor!

Details:

Sink: PHP::echo
Risk: $_GET (user-controlled request parameter)
/Simply-Blog-master/posts/post.php:15
1  <?php
2  
3  require_once("../includes/database.php");
4  require_once("../includes/sessions.php");
5  require_once("../includes/functions.php");
6  
7  if(isset($_POST["submit"])) {
8  	$Name = mysqli_real_escape_string($Connection, $_POST["Name"]);
9  	$Email = mysqli_real_escape_string($Connection, $_POST["Email"]);
10  	$Comment = mysqli_real_escape_string($Connection, $_POST["Comment"]);
11  	$CurrentTime = time();
12  	$DateTime = date('d M Y', $CurrentTime);
13  	$DateTime;
14  	$Author = "Laurent Echeverria";
15  	$PostId = $_GET["id"];
16  
17  	if(empty($Name) || empty($Email) || empty($Comment)) {
Threat level 2

Note: the excerpt shows only the source, $_GET["id"] assigned to $PostId at line 15 with no cast or validation; the echo sink lies outside the lines shown. Check where $PostId is output and in which context (HTML body, quoted attribute, URL query, SQL) before reporting. The blog.php frame below wraps $PostId in htmlentities() at line 143 but echoes it without any encoding at lines 123 and 131.
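As an added example, not code from Simply-Blog, the following shows how the `id` handling at post.php:15 can be closed at the source: the parameter is validated as a positive integer before it is used, the lookup runs as a prepared statement with the id bound as an integer, and every echo goes through one encoder. The table and column names (`posts`, `PostId`, `Title`, `Post`) and the `$Connection` mysqli handle from database.php are assumptions, since the page shows neither the schema nor the later echo.

```php
<?php
// Added example, not Simply-Blog's own code. Hardened replacement for the
// $PostId = $_GET["id"] assignment at post.php:15. Table/column names and the
// $Connection mysqli handle (from database.php, as in the original) are assumed.
declare(strict_types=1);

require_once("../includes/database.php"); // assumed to set $Connection (mysqli)

/**
 * Return the post id from the query string as a positive int, or null.
 * FILTER_VALIDATE_INT rejects anything that is not a plain decimal integer,
 * so "7abc", "1 OR 1=1", "<script>" and "" all yield null instead of
 * reaching a query or an echo.
 */
function postIdFromRequest(array $get): ?int
{
    if (!isset($get['id']) || !is_string($get['id'])) {
        return null; // missing, or ?id[]=... turned it into an array
    }
    $id = filter_var($get['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Fetch one post by id with a prepared statement. The id is bound as an
 * integer parameter and never interpolated into the SQL text, so escaping
 * helpers such as mysqli_real_escape_string are not needed here.
 * bind_result() is used instead of get_result() so the example does not
 * depend on the mysqlnd driver.
 */
function fetchPost(mysqli $conn, int $id): ?array
{
    $stmt = $conn->prepare("SELECT PostId, Title, Post FROM posts WHERE PostId = ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($postId, $title, $body);
    $row = $stmt->fetch() ? ['PostId' => $postId, 'Title' => $title, 'Post' => $body] : null;
    $stmt->close();
    return $row;
}

/** Single output encoder for HTML text and quoted attributes. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$PostId = postIdFromRequest($_GET);
$post   = $PostId === null ? null : fetchPost($Connection, $PostId);
if ($post === null) {
    http_response_code(404);
    exit('Post not found');
}

// The comment handler from the original file (Name/Email/Comment via $_POST)
// belongs here; its INSERT should bind those values and $PostId the same way.
?>
<h1><?php echo h($post['Title']); ?></h1>
<div><?php echo h($post['Post']); ?></div>
<!-- $PostId is an int by now; it still goes through h() so every echo follows one rule. -->
<form method="post" action="post.php?id=<?php echo h((string) $PostId); ?>">
  <input type="text" name="Name">
  <input type="email" name="Email">
  <textarea name="Comment"></textarea>
  <button type="submit" name="submit">Comment</button>
</form>
```

With this in place, requests such as `post.php?id=7abc`, `post.php?id=0` or `post.php?id[]=1` get a 404 before any query or output is touched, which is usually the quickest way to turn a "Risk: $_GET" finding from the scanner into a verified non-issue.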

Callstack:

@INLINE::/Simply-Blog-master/blog.php /Simply-Blog-master/blog.php:143
123                  <a href="posts/post.php?id=<?php echo $PostId; ?>">
124                    <img class="img img-raised" src="../assets/img/uploads/<?php echo $Image; ?>">
125                  </a>
126  							</div>
127  
128                <div class="card-body">
129                  <h6 class="card-category text-rose"><?php echo htmlentities($Category); ?></h6>
130                  <h4 class="card-title">
131                    <a href="posts/post.php?id=<?php echo $PostId; ?>"><?php echo htmlentities($Title); ?></a>
132                  </h4>
133  
134                  <p class="card-description">
135                    <?php 
136                      if(strlen($Post) > 100) {
137                        $Post = substr($Post, 0, 135) . " ... ";
138                      };
139  
140                      echo htmlentities($Post);
141                    ?>
142  
143                    <a href="posts/post.php?id=<?php echo htmlentities($PostId); ?>"> Read More &rsaquo;</a>
144                  </p>
145  
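The blog.php frame above encodes `$PostId` with htmlentities() at line 143 but echoes it raw into the same kind of href at lines 123 and 131. As an added example, not the project's code, the card can be rendered through one link builder that URL-encodes the query value and then attribute-encodes the result, so no echo of the id depends on someone remembering a wrapper. The rendering is returned as a string and fed constructed sample rows so it runs offline; the row keys mirror the variables in the snippet ($PostId, $Image, $Category, $Title, $Post), but the rows themselves are made up, and the mb_* calls assume the mbstring extension.

```php
<?php
// Added example, not Simply-Blog's own code: the card from blog.php lines
// 123-144 rendered through one encoder and one link builder. Sample rows are
// constructed for the example; the project's real query is not shown on the page.
declare(strict_types=1);

/** HTML text/attribute encoder. ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "". */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build the href for a post link. rawurlencode() keeps the value inside the
 * id= parameter (no extra &params or #fragment), and h() keeps it inside the
 * quoted attribute (no closing quote or tag). Applying both, in this order,
 * is what the raw echoes at lines 123 and 131 lack.
 */
function postLink(string $postId): string
{
    return 'posts/post.php?id=' . h(rawurlencode($postId));
}

/**
 * Card excerpt. The original compares against 100 but cuts at 135, so posts
 * of 101-135 characters get " ... " appended without being shortened; one
 * limit is used here. mb_substr (mbstring extension) avoids cutting a
 * multibyte character in half.
 */
function excerpt(string $post, int $limit = 100): string
{
    return mb_strlen($post, 'UTF-8') > $limit
        ? mb_substr($post, 0, $limit, 'UTF-8') . ' ... '
        : $post;
}

/** Render one card and return the HTML rather than echoing it. */
function renderCard(array $p): string
{
    $link = postLink((string) $p['PostId']);
    return '<a href="' . $link . '">'
         . '<img class="img img-raised" src="../assets/img/uploads/' . h($p['Image']) . '">'
         . '</a>'
         . '<div class="card-body">'
         . '<h6 class="card-category text-rose">' . h($p['Category']) . '</h6>'
         . '<h4 class="card-title"><a href="' . $link . '">' . h($p['Title']) . '</a></h4>'
         . '<p class="card-description">' . h(excerpt($p['Post']))
         . ' <a href="' . $link . '">Read More &rsaquo;</a></p>'
         . '</div>' . "\n";
}

// Constructed rows. The second id is not something a real database would
// hold; it is here to show that the encoders, not the data, keep the markup intact.
$rows = [
    ['PostId' => 7, 'Image' => 'seven.jpg', 'Category' => 'Notes',
     'Title' => 'Seventh post', 'Post' => str_repeat('lorem ', 30)],
    ['PostId' => '7"><script>alert(1)</script>', 'Image' => 'x.jpg', 'Category' => 'Test',
     'Title' => 'Tom & Jerry <3', 'Post' => 'short'],
];

foreach ($rows as $row) {
    echo renderCard($row);
}
```

Running this and viewing the output shows the second row's id arriving in the href as `7%22%3E%3Cscript%3E...` inside an intact attribute, and the title as `Tom &amp; Jerry &lt;3`; with the raw `echo $PostId` from lines 123 and 131 the same row would close the attribute and the tag.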