Internal working revealed

Why does this happen? Simply bad coding standards and practices.

index.php
<?php
$host = "localhost";
$port = 3306;
$user = "passwordM";
$password = "hWjSh812jDn1asd./213-91!#(";
$dbname = "bread";
$method = "";

$con = new mysqli($host, $user, $password, $dbname, $port)
    or die('Could not connect to the database server' . mysqli_connect_error());

if (isset($_REQUEST['method'])) {
    $method = $_REQUEST['method'];
}
echo $method;

if ($method == "select") {
    // Table name and username from the request are concatenated straight into the SQL string
    $sql = "SELECT aes_key FROM " . $_REQUEST['table'] . " WHERE account='" . $_REQUEST['username'] . "'";
    $results = $con->query($sql);
    echo var_dump(mysqli_fetch_all($results, MYSQLI_ASSOC));
} else {
    echo "Bad Request";
}

What happened?

Perhaps Juliette was out of her mind and not focusing well when she coded this password manager. Simply concatenating request parameters into the SQL string without any form of sanitisation or checking surely spells trouble.

Contrast this with the code used by the portal login and the book search, which use prepared statements with bound parameters and are therefore safe against SQL injection.

BookController.php

bookController.php
<?php
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $out = "";
    require '../db/db.php';
    $title = "";
    $author = "";

    if ($_POST['method'] == 0) {
        if ($_POST['title'] != "") {
            $title = "%" . $_POST['title'] . "%";
        }
        if ($_POST['author'] != "") {
            $author = "%" . $_POST['author'] . "%";
        }

        // User input is bound as data, never spliced into the SQL text
        $query = "SELECT * FROM books WHERE title LIKE ? OR author LIKE ?";
        $stmt = $con->prepare($query);
        $stmt->bind_param('ss', $title, $author);
        $stmt->execute();
        $res = $stmt->get_result();
        $out = mysqli_fetch_all($res, MYSQLI_ASSOC);
    } elseif ($_POST['method'] == 1) {
        // Returns the contents of the requested book file
        $out = file_get_contents('../books/' . $_POST['book']);
    } else {
        $out = false;
    }
    echo json_encode($out);
}

Portal usersController.php

usersController.php
<?php
require "../db/db.php";
$data = array();

// Fixed query with no user input; the prepared statement is still used consistently
$query = "SELECT * FROM users";
$stmt = $con->prepare($query);
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();

while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
    array_push($data, $row);
}
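For comparison, here is how the vulnerable "select" branch of index.php looks when written with the same prepared-statement approach the two controllers use. This is an added example, not code from the page or the project; it assumes $con comes from the same db.php include as the controllers, and the table allowlist is an assumption about the password manager's schema.

```php
<?php
// Added example, not the page's code: index.php's "select" branch rewritten with
// the same prepared-statement approach the controllers use. It assumes $con is the
// mysqli connection from db.php and that the password-manager table names are
// known in advance (the allowlist below is an assumption about the schema).
require '../db/db.php';

$allowedTables = ['vault', 'shared_vault']; // assumed table names

function fetchAesKey(mysqli $con, array $allowedTables, string $table, string $username): array
{
    // A table name is an identifier, not data: bind_param() cannot carry it, so the
    // only safe option is to compare it against a fixed allowlist.
    if (!in_array($table, $allowedTables, true)) {
        throw new InvalidArgumentException('unknown table');
    }

    // The username is data. It is sent to MySQL separately from the query text, so
    // quotes or SQL keywords inside it are compared literally, never parsed as SQL.
    $stmt = $con->prepare("SELECT aes_key FROM `{$table}` WHERE account = ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $con->error);
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

$method = $_REQUEST['method'] ?? '';
if ($method !== 'select') {
    http_response_code(400);
    exit('Bad Request');
}

try {
    $rows = fetchAesKey($con, $allowedTables,
        (string)($_REQUEST['table'] ?? ''), (string)($_REQUEST['username'] ?? ''));
    header('Content-Type: application/json');
    echo json_encode($rows);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Bad Request';
}
```

The key difference from the original is that neither request parameter ever becomes part of the SQL text: the username is bound, and the table name, which cannot be bound, is validated against a closed list instead.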

Clearly, the dev team or Juliette need to step up their secure coding practices.