Filled php script on find-xss.net, it showed me that there is SQL injection in the $ port parameter, here:

$port=$_SERVER['REMOTE_PORT']; mysql_query("insert into logs(logindate,username,ipaddr,timestamp,port) values('$date','$loguser','$ip','$timestamp','$port')");

How to make a SQL injection? Tried in different ways, did not fit.

  • If only on the client side to fake $ _SERVER ['REMOTE_PORT'] it is theoretically possible, but time consuming. In any case, it is better to use the function mysql_real_escape_string () - $ port = mysql_real_escape_string ($ _ SERVER ['REMOTE_PORT']). Take it as a rule - do not trust any data coming from the client. - Shamanis
  • 2
    Uh, REMOTE_PORT is not generated by the client, but by the web server and is always a number. Not aware of the essence of the injection. - drdaeman
  • Are you sure that $ port is to blame? And the other variables are somehow processed? - istem

1 answer 1

The entire array of $ _SERVER comes from the user, the remote server is the same user. How exactly to use the vulnerability, I will not say, but I think there is a way. Once $ _SERVER ['REMOTE_PORT'] is generated by the server.