PHP SQL Injection



  • I noticed that the mysql driver for PHP is using an older version which is soon to be deprecated.  On my captive portal with radius I created a registration form with a simple query on a database server:

    $query = mysql_query("INSERT INTO reg_users (user_name, user_email, password, macaddress, phone_number, gender, reg_date) 
    VALUES 
    ('$user_name', '$user_email','$password', '$macaddress', '$phone_number', '$gender', '$reg_date')");
    

    Which is pretty much prone to SQL injection. I just finished pentesting the form, but I was wondering why sqlmap was not able to penetrate such a query.

    I also noticed that the phpinfo for pfSense has credits for extensions such as mysqli, which is not supported by the current version, or is it already supported? I would love to know what's under the hood.
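
For the registration query in the post above, an added example (not part of the original post and not pfSense code) of the same INSERT written with bound parameters and input validation. It assumes PHP 7 or later with PDO and the pdo_sqlite driver, using an in-memory SQLite table so it runs without a server; the table definition, function names and sample values are constructed, and the same prepare/bind pattern applies with mysqli or PDO MySQL.

```php
<?php
// Added example: constructed schema and values, hypothetical function names.
// Assumption: pdo_sqlite is available, so no database server is needed.
function open_db() {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE reg_users (user_name TEXT, user_email TEXT, password TEXT,
        macaddress TEXT, phone_number TEXT, gender TEXT, reg_date TEXT)');
    return $pdo;
}

function register_user(PDO $pdo, array $in) {
    // Reject values that do not have the expected shape before touching the database.
    $email = $in['user_email'] ?? '';
    $mac   = $in['macaddress'] ?? '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false
        || filter_var($mac, FILTER_VALIDATE_MAC) === false) {
        return false;
    }
    // Column names come from this fixed list, never from the request.
    $cols = ['user_name', 'user_email', 'password', 'macaddress',
             'phone_number', 'gender', 'reg_date'];
    // Placeholders keep the SQL text constant; the values are sent as data only.
    $stmt = $pdo->prepare('INSERT INTO reg_users (' . implode(', ', $cols) . ')'
        . ' VALUES (:' . implode(', :', $cols) . ')');
    foreach ($cols as $c) {
        $stmt->bindValue(':' . $c, (string)($in[$c] ?? ''));
    }
    return $stmt->execute();
}

$pdo = open_db();
// Constructed input: the apostrophe would terminate the string literal
// if the value were interpolated into the query text as in the post.
$sample = [
    'user_name' => "O'Brien", 'user_email' => 'obrien@example.com',
    'password' => 'placeholder', 'macaddress' => '00:11:22:33:44:55',
    'phone_number' => '5550100', 'gender' => 'm', 'reg_date' => '2016-01-01',
];
var_dump(register_user($pdo, $sample));
// The stored name is read back exactly as submitted, quote included.
echo $pdo->query('SELECT user_name FROM reg_users')->fetchColumn(), "\n";
// A malformed MAC address is refused before any SQL is prepared.
var_dump(register_user($pdo, ['macaddress' => "00:11'"] + $sample));
```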



  • Another question is why is there code that hits tables directly? Everything should be through stored procedures and the client should not have direct table access. Much harder to dump tables with a SQL injection if you can't read the tables. /endrant



  • It's a pretty much accurate comment.  Though the resource in the /documentation is using the traditional way. :)  https://doc.pfsense.org/index.php/Using_Captive_Portal_with_FreeRADIUS#CaptivePortal_Self-Registration:FreeRADIUS.2B_MySQL

