SQL Injection Vulnerability in the CI Framework

Source: Internet
Author: User

0x00

In the CI framework, GET and POST parameters are read with the get and post methods of the $this->input class.

If the second argument of the get and post methods is true, the input parameters are XSS-filtered. Note that XSS filtering is not an effective precaution against SQL injection.

Example:

In the controller, define a shit method that reads the GET data:

Specify true as the second argument:

(1) XSS test

(2) SQL injection test

Single quotes are not processed.

An example from the program dance CMS, a CMS developed on the CI framework:


The variables here only pass through XSS filtering, which cannot prevent SQL injection.

They are concatenated into the SQL statement and passed directly into the database query:

0x01

In the CI framework, it is more reliable to use the AR class for database queries, because the underlying layer escapes the values for the user, but escaping is all it does.

The filtering method is escape_str():

function escape_str($str, $like = FALSE)
{
    var_dump($str);
    echo "\n";

    // Arrays are escaped value by value; the keys are left untouched
    if (is_array($str))
    {
        foreach ($str as $key => $val)
        {
            $str[$key] = escape_str($val, $like);
        }
        return $str;
    }

    if (function_exists('mysql_real_escape_string'))
    {
        $str = addslashes($str);
    }
    elseif (function_exists('mysql_escape_string'))
    {
        $str = mysql_escape_string($str);
    }
    else
    {
        $str = addslashes($str);
    }

    // Escape LIKE condition wildcards
    if ($like === TRUE)
    {
        $str = str_replace(array('%', '_'), array('\\%', '\\_'), $str);
    }

    return $str;
}

The method simply calls some escape functions and escapes the wildcards of LIKE conditions.

If the queried variable is not wrapped in quotation marks, escaping cannot protect it:


0x02

The AR class's filtering does not consider the keys of an array. Looking at SQL injection in large CMSs, vulnerabilities where an array's $key goes unfiltered directly into an SQL query are not uncommon.

The output is:
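
The two gaps described in 0x01 and 0x02 (an unquoted value and an unfiltered array key), shown as an added example that is not code from the original page or from CodeIgniter. addslashes() stands in for the escaping step, and the news table, its columns and all function names are constructed for illustration.

```php
<?php
// Added example: stand-in for the escaping step, using addslashes() as the
// page's escape_str() listing does. Table and column names are constructed.
function escape_only($v) { return addslashes($v); }

// Escape-only builders: the value is unquoted and the array key is used as-is.
function weak_by_id($id) {
    return "SELECT * FROM news WHERE id = " . escape_only($id);
}
function weak_where(array $cond) {
    $parts = array();
    foreach ($cond as $key => $val) {
        $parts[] = $key . " = '" . escape_only($val) . "'";   // $key is never checked
    }
    return "SELECT * FROM news WHERE " . implode(" AND ", $parts);
}

// Hardened builders: numeric values are validated, keys must be known columns,
// and values travel as bound parameters instead of being concatenated.
function safe_by_id($id) {
    if (!is_string($id) || !ctype_digit($id)) {
        throw new InvalidArgumentException("id must be an unsigned integer");
    }
    return array("SELECT * FROM news WHERE id = ?", array((int) $id));
}
function safe_where(array $cond, array $allowed = array('id', 'title', 'author')) {
    $parts = array(); $params = array();
    foreach ($cond as $key => $val) {
        if (!in_array($key, $allowed, true)) {
            throw new InvalidArgumentException("unknown column: " . $key);
        }
        $parts[] = "`" . $key . "` = ?";
        $params[] = $val;
    }
    return array("SELECT * FROM news WHERE " . implode(" AND ", $parts), $params);
}

// Constructed inputs: neither contains a quote, so escaping changes nothing.
$id   = "1 OR 1=1";
$cond = array("1=1 OR title" => "x");

echo weak_by_id($id), "\n";      // the extra condition reaches the query intact
echo weak_where($cond), "\n";    // the key becomes part of the WHERE clause
foreach (array(array('safe_by_id', $id), array('safe_where', $cond)) as $call) {
    try { call_user_func($call[0], $call[1]); }
    catch (InvalidArgumentException $e) { echo "rejected: ", $e->getMessage(), "\n"; }
}
list($sql, $params) = safe_where(array('title' => "O'Reilly"));
echo $sql, " ", json_encode($params), "\n";
```

The (SQL, parameters) pairs returned by the hardened builders are meant to be passed to a prepared statement or a query-binding call, so the value with a single quote never becomes part of the SQL text.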

0x03

The CI framework is fast and lightweight, and can be used without having to learn a separate template language. But if the framework's security mechanisms are not thoroughly understood, the result is an endless stream of vulnerabilities. The program dance CMS is a good example: it has been compromised many times, and the code is so poor that SQL is written directly in the controller, where a model should have been used.

