Project: Github Paroxyste/Simply-Blog 20190102

Vulnerability: #9224546 (2019-01-02 06:08:04)

Warning

Many of these findings are false positives or unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

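Sink: Standard::move_uploaded_file
Risk: _FILES
Note: the destination path passed to the sink is built from the client-supplied upload name ($_FILES["Image"]["name"]). In the excerpts below only basename() is applied to it, which strips directory components but does not restrict the file extension or content type. No allow-list check is visible in the addPost.php excerpt between the assignment on line 17 and the move_uploaded_file() call on line 30. Whether the uploads directory is served with script execution enabled cannot be determined from this page, so confirm that before rating the finding.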
/Simply-Blog-master/admin/editPost.php:17 (show/hide source)
1  <?php
2  
3  require_once("../includes/database.php");
4  require_once("../includes/sessions.php");
5  require_once("../includes/functions.php");
6  
7  $Admin = "Laurent Echeverria";
8  
9  if(isset($_POST["submit"])) {
10  	$Title = mysqli_real_escape_string($Connection, $_POST["Title"]);
11  	$Category = mysqli_real_escape_string($Connection, $_POST["Category"]);
12    $Post = mysqli_real_escape_string($Connection, $_POST["Post"]);
13  	$CurrentTime = time();
14  	$DateTime = date('d M Y', $CurrentTime);
15  	$DateTime;
16  	$Image = $_FILES["Image"]["name"];
17 $Target = "../assets/img/uploads/" . basename($_FILES["Image"]["name"]);
18 $SearchQueryParam = $_GET["edit"]; 19
Threat level 0

Callstack:

@INLINE::/Simply-Blog-master/admin/addPost.php /Simply-Blog-master/admin/addPost.php:30 (show/hide source)
10  	$Title = mysqli_real_escape_string($Connection, $_POST["Title"]);
11  	$Category = mysqli_real_escape_string($Connection, $_POST["Category"]);
12  	$Post = mysqli_real_escape_string($Connection, $_POST["Post"]);
13  	$CurrentTime = time();
14  	$DateTime = date('d M Y', $CurrentTime);
15  	$DateTime;
16  	$Image = $_FILES["Image"]["name"];
17  	$Target = "../assets/img/uploads/" . basename($_FILES["Image"]["name"]);
18  
19  	if(empty($Title) || empty($Category) || empty($Image) || empty($Post))  {
20  		$_SESSION["ErrorMessage"] = "All Fileds Are Required !";
21  		Redirect_to("addPost.php");
22  	} elseif(strlen($Title) < 5 || strlen($Post) < 50) {
23  		$_SESSION["ErrorMessage"] = "You must write more characters";
24  		Redirect_to("addPost.php");
25  	} else {
26  		$Query = "INSERT INTO admin_panel (datetime, title, category, author, image, post)
27  				      VALUES ('$DateTime', '$Title', '$Category', '$Admin', '$Image', '$Post')";
28  		
29  		$Execute = mysqli_query($Connection, $Query);
30 move_uploaded_file($_FILES["Image"]["tmp_name"], $Target);
31 32 if($Execute) {