SQL injection search

286 points, posted by mike_esspe almost 12 years ago

24 comments

a1a, almost 12 years ago
While we are at it... XSS search: https://github.com/search?q=extension%3Aphp+%3C%3F%3D%24_GET&type=Code&ref=searchresults
thiderman, almost 12 years ago
Heh, cute. This means Github could probably do some automated means of informing these people that their code is insecure and would be a danger to themselves and their users. I'm not sure if they should, but it's interesting that they could.
sage_joch, almost 12 years ago
This is a potentially great idea. You could make your build process include submitting your code to a search engine like this (perhaps in some obfuscated manner) and making illegal patterns fail if not manually "approved". Just because the halting problem exists doesn't mean there's not a low-hanging fruit in approaching it.
postfuturist, almost 12 years ago
This isn't a search for SQL injection, it's a search for a couple of things that you often find in older PHP code that is generally hacked together and likely to have SQL injection vulnerabilities for historical and cultural reasons. However it's perfectly easy to avoid SQL injection even using these things.

```php
$id = mysql_real_escape_string($_GET['id']);
$res = mysql_query("SELECT foo FROM bar WHERE id='$id'");
```

That may be ugly, but it's bulletproof regarding injection.
tofflos, almost 12 years ago
I don't know much about PHP but I happened to rewrite some old forms a couple of years ago. The original author had relied on a technique called "magic quotes" (http://php.net/manual/en/security.magicquotes.php) which automatically sanitized user input. When we upgraded our version of PHP "magic quotes" had been deprecated and dropped.

It would be interesting to know if some of these developers are relying on "magic quotes" or something similar... and also to know how large a share of the total number of projects these projects represent.
tptacek, almost 12 years ago
There's a joke to be made here about "broken crypto search".
orangethirty, almost 12 years ago
Looking around I found a simple CMS sold to small online stores. Through their links you can find a listing of their customers (people who use their CMS). Problem is the CMS is open to SQL injection everywhere. If a script kiddie found this info they could take down a lot of online stores. Not good.
PanMan, almost 12 years ago
Nice example, but not all are insecure. For example, the second one here is:

```php
$result = mysql_query('DELETE FROM saves WHERE id = '.(int)$_GET['delete']);
```
kbenson, almost 12 years ago
I would like to say I'm surprised, but I'm not. PHP makes this easier by not even supporting parameter binding in the older, original mysql binding, so it's more prevalent.

That said, I'm sure a slight tweak to the search would find a lot in other languages as well.
ya3r, almost 12 years ago
Sort the results by "last indexed" and see that people are doing it right now!

https://github.com/search?q=extension%3Aphp+mysql_query+%24_GET&type=Code&s=indexed
diminoten, almost 12 years ago
There is a *huge* need in the space for a well marketed quality assurance contractor who can find problems like this and fix them.

"We found these issues, and we can fix them all. Pay us for finding them or pay us some more for fixing them, too." sort of thing.

Why don't you see QA shops popping up like this?
easy_rider, almost 12 years ago
I'm just amazed and disturbed that people who write this kind of code are aware of version control.
hising, almost 12 years ago
I guess people would pay for a service that could identify 90% of all security issues with an online service by going through source code and available routes. Anything that is available today?
josephscott, almost 12 years ago
In addition to $_GET, searching for $_POST and $_REQUEST are bad too. Could even throw in $_COOKIE and $_SERVER for that matter.
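As an added example (not code from the thread or from any project mentioned in it), a toy Python taint scanner of the kind sage_joch's build gate would need: it flags mysql_query() calls fed by the superglobals josephscott lists, while recognising the two mitigations postfuturist and PanMan point out. The PHP sample is constructed; only a wrapper applied directly to a superglobal counts as a mitigation, and the scanner does not check that an escaped value really sits inside a quoted SQL literal.

```python
import re

# Request superglobals named in the thread as attacker-controlled sources.
SG = r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\b"
# Mitigations from the thread: (int) cast, mysql_real_escape_string() on a value
# inside a quoted SQL literal. Only a wrapper applied directly to a superglobal
# counts; the scanner does not verify that the escaped value is really quoted.
SAFE_WRAPS = [re.compile(r"\(int\)\s*" + SG),
              re.compile(r"mysql_real_escape_string\s*\(\s*" + SG)]
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=\s*(.+);\s*$")
QUERY_RE = re.compile(r"mysql_query\s*\((.+)\)\s*;")

# Constructed PHP sample: the two thread snippets plus raw $_POST/$_SERVER use.
SAMPLE = r"""<?php
$id = mysql_real_escape_string($_GET['id']);
$res = mysql_query("SELECT foo FROM bar WHERE id='$id'");
$result = mysql_query('DELETE FROM saves WHERE id = '.(int)$_GET['delete']);
$name = $_POST['name'];
mysql_query("SELECT * FROM users WHERE name='$name'");
mysql_query("INSERT INTO hits (ua) VALUES ('".$_SERVER['HTTP_USER_AGENT']."')");
"""

def taint_of(expr, env):
    """'raw' if a superglobal (or a variable carrying one) reaches expr unwrapped,
    'sanitized' if only wrapped uses reach it, 'clean' otherwise."""
    stripped = expr
    for pat in SAFE_WRAPS:
        stripped = pat.sub("__SAFE__", stripped)
    if re.search(SG, stripped):  # an unwrapped superglobal survived
        return "raw"
    levels = {"sanitized" if "__SAFE__" in stripped else "clean"}
    for var in re.findall(r"\$\w+", stripped):  # vars interpolated/concatenated into SQL
        levels.add(env.get(var, "clean"))
    if "raw" in levels:
        return "raw"
    return "sanitized" if "sanitized" in levels else "clean"

def scan(php_source):
    """Track simple `$var = expr;` assignments, then report every mysql_query()
    call as (line number, verdict); a build gate would fail on any 'raw'."""
    env, findings = {}, []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        m = ASSIGN_RE.match(line)
        if m and "mysql_query" not in line:
            env[m.group(1)] = taint_of(m.group(2), env)
            continue
        q = QUERY_RE.search(line)
        if q:
            findings.append((lineno, taint_of(q.group(1), env)))
    return findings
```

Running `scan(SAMPLE)` marks lines 3 and 4 (the two thread snippets) as sanitized and lines 6 and 7 as raw, which is the distinction a plain text search for `mysql_query $_GET` cannot make.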
blazespin, almost 12 years ago
GitHub (and friends) sound like a great repository to train and prove the value of an automated code review product.
Killswitch, almost 12 years ago
Using unsanitized $_GET is the least of their problems considering mysql_* is deprecated.
cbsmith, almost 12 years ago
More comprehensive search for bugs: https://github.com/search?q=extension%3Aphp&type=Code&ref=searchresults
boyter, almost 12 years ago
And for examples not limited to GitHub: http://searchcode.com/?q=mysql_query%20%24_GET%20lang%3APHP
ams6110, almost 12 years ago
Some of these look like deliberate examples of vulnerable code (e.g. the one named "Injection.SQL.php").

Alarmingly (and sadly) most do not.
wordofchristian, almost 12 years ago
I'd love to see the number of search results graphed over time.
artursapek, almost 12 years ago
75 thousand results. And these are just the public repos!
marizcombinator, almost 12 years ago
mysql_query is deprecated... use MySQLi or PDO.
soheil, almost 12 years ago
This is f'ing insane, and absolutely brilliant.
tshadwell, almost 12 years ago
;.;