•  14-04-2022
  •  | 
  •  

Question

Hi ive just hear about an error in cakephp that allows sql inyection; https://twitter.com/cakephp/status/328610604778651649

I was trying to test my site using sqlmap, but i cant find how to specify the params.

The url i am testing is;

http://127.0.0.1/categories/index/page:1/sort:id/direction:asc

And the parameters i want to sqlmap inyect are in the url (page:,sort:,direction:)

I have try to run;

python sqlmap.py -u "http://127.0.0.1/categories/index/page:1/sort:id/direction:asc"

But nothing... Any clue? Thanks!

Was it helpful?

Solution

In CakePHP there are passed arguments, named parameters, and querystring parameters.

Passed arguments look like .../index/arg are accessed with $this->request->pass[0], where '0' is the array index. Named parameters look like .../index/key:value and are accessed with $this->request->named['key']. Querystring parameters look like ̀.../index?key=valueand are accessed with$this->request->query['key']`.

Your URL uses named parameters so it should look like this (without the question mark):

http://127.0.0.1/categories/index/page:1/sort:id/direction:asc

Edit:

Since CakePHP uses mod_rewrite, you have to specify the parameters as explained in the sqlmap wiki.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top