oss-sec mailing list archives
Re: Open Source Tool | MPT: Pentest In Action!
From: Solar Designer <solar () openwall com>
Date: Fri, 23 Jun 2023 13:38:56 +0200
I think I overlooked two things:

On Fri, Jun 23, 2023 at 01:22:17PM +0200, Solar Designer wrote:
> On Thu, Jun 22, 2023 at 06:05:14PM +0530, Jyoti Raval wrote:
> > Managing Pentest (MPT: Pentest In Action) [image: HITBSecConf HITB2022SIN]
> > <https://conference.hitb.org/hitbsecconf2022sin/session/mpt-pentest-in-action/>
>
> This isn't a topic for oss-security. But per the above, an Open Source
> security tool announced for the first time nevertheless is.

While the code is technically open source, for it to be on-topic here it'd have to be under an Open Source license - and there's no license currently specified in the GitHub repo. Jyoti, please fix this.

> > Github - https://github.com/jenyraval/MPT
>
> live_edit.php:
>
> $input = filter_input_array(INPUT_POST);
> if ($input['action'] == 'edit') {
> $update_field='';
> if(isset($input['status'])) {
> $update_field.= "status='".$input['status']."'";
> }
> if($update_field && $input['id']) {
> $sql_query = "UPDATE issuedetails SET $update_field WHERE id='" . $input['id'] . "'";
> mysqli_query($db, $sql_query) or die("database error:". mysqli_error($conn));
>
> (Yes, the lack of indentation is in the original.)
>
> Apparently, no escaping nor filtering is actually performed here, and
> also no use of prepared statements. Likely (post-authentication?) SQL
> injection possibility.
>
> OVE-20230623-0003

Actually, this looks pre-authentication. Most of this project's PHP files include session.php, which attempts an authentication check, but live_edit.php does not include it.

Alexander
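One way to address both points raised in this message (string-built SQL and the missing session.php include), as an added example that is not part of the original post and not the MPT project's code. It assumes that session.php stops unauthenticated requests, that `$db` is the mysqli connection the quoted code uses, that `id` is an integer key, and that the status allowlist shown is hypothetical.

```php
<?php
// Added example: hardened sketch of the logic quoted from live_edit.php.
// Assumption: session.php (named in the message above) terminates the
// request when the caller is not logged in.
require_once 'session.php';

// Hypothetical allowlist; the project's real status values are not on the page.
const ALLOWED_STATUSES = ['open', 'in progress', 'closed'];

function update_issue_status(mysqli $db, array $input): bool
{
    if (($input['action'] ?? '') !== 'edit') {
        return false;
    }
    $status = $input['status'] ?? null;
    // Assumption: issuedetails.id is a positive integer key.
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if (!is_string($status)
        || !in_array($status, ALLOWED_STATUSES, true)
        || $id === false) {
        return false;
    }

    // Placeholders keep request data out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE issuedetails SET status = ? WHERE id = ?');
    if ($stmt === false) {
        error_log('live_edit: prepare failed: ' . $db->error);
        return false;
    }
    $stmt->bind_param('si', $status, $id);
    $ok = $stmt->execute();
    if (!$ok) {
        // Log server-side instead of echoing database errors to the client.
        error_log('live_edit: execute failed: ' . $stmt->error);
    }
    $stmt->close();
    return $ok;
}

// filter_input_array() returns null or false when there is no usable POST data.
$input = filter_input_array(INPUT_POST) ?: [];
// Assumption: $db is the project's existing mysqli connection.
if (!update_issue_status($db, $input)) {
    http_response_code(400);
}
```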
Current thread:
- Open Source Tool | MPT: Pentest In Action! Jyoti Raval (Jun 22)
- Re: Open Source Tool | MPT: Pentest In Action! Solar Designer (Jun 23)
- Re: Open Source Tool | MPT: Pentest In Action! Solar Designer (Jun 23)
- Re: Open Source Tool | MPT: Pentest In Action! Solar Designer (Jun 23)