The reasons for the formation of the latest SQL injection vulnerability in PHP Framework Laravel

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article looks at the cause of the latest SQL injection vulnerability in the PHP framework Laravel.

Laravel, the well-known PHP development framework, reported a high-risk SQL injection vulnerability on its official blog a few days ago. Here is a brief analysis.

First of all, this vulnerability arises from non-standard coding practices in the website's own code, and the official announcement gives a hint about this:

However, the maintainers still released a fix; upgrading to the latest version, v5.8.7, resolves it.

Let's first locate here:

Illuminate\Validation\Rule

The official recommendation is as follows:

    Rule::unique('users')->ignore($id)

If the website's code does not preprocess the value of $id, a user can pass malicious data directly to the ignore function, which results in SQL injection.

Let's follow the function:

\Illuminate\Validation\Rules\Unique.php

    class Unique
    {
        ...
        public function ignore($id, $idColumn = null)
        {
            if ($id instanceof Model) {
                return $this->ignoreModel($id, $idColumn);
            }

            $this->ignore = $id;
            $this->idColumn = $idColumn ?? 'id';

            return $this;
        }
    }

Here we do not consider the case where $id is a Model instance. If $id is user-controllable and $idColumn is left empty, the final assignment is as follows:

    $this->ignore = $id;
    $this->idColumn = 'id';

If the website's code is written like this, the value is whatever the attacker enters:

    $id = $request->input('id');

In the end, we will come here:

Illuminate\Validation\Rules\Unique.php

    public function __toString() {...}

Let's look at the key code changes:

Illuminate\Validation\Rules\Unique.php, v5.8.7 [latest version]:

    public function __toString()
    {
        ...
        $this->ignore ? '"'.addslashes($this->ignore).'"' : 'NULL',
        ...
    }

Illuminate\Validation\Rules\Unique.php, v5.8.4:

    public function __toString()
    {
        ...
        $this->ignore ? '"'.$this->ignore.'"' : 'NULL',
        ...
    }

The latest code, v5.8.7, passes $this->ignore through addslashes; before that it was unprotected.

Interestingly, the author compared the diffs and found that, along the way, the maintainers also tried filtering at other places where the value is referenced. In the end, the filtering is applied uniformly in __toString.

Finally, the resulting rule string goes into DatabaseRule for the subsequent SQL rule matching.

Illuminate\Validation\Rules\DatabaseRule.php

There is no further processing after that, and this is how the SQL injection is formed.
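The following is an added example, not Laravel's code or the article's: it rebuilds a simplified rule string the v5.8.4 way and the v5.8.7 way, counts the parameters each yields, and shows application-side preprocessing of $id. All function names are hypothetical, the sample inputs are constructed, and it assumes the validator splits rule parameters as CSV with a backslash escape character.

```php
<?php
// v5.8.4 behaviour from the comparison above: the ignore value is only wrapped in quotes.
function ruleStringUnescaped(string $table, string $column, $ignore, string $idColumn = 'id'): string
{
    return sprintf('unique:%s,%s,%s,%s', $table, $column,
        $ignore ? '"'.$ignore.'"' : 'NULL', $idColumn);
}

// v5.8.7 behaviour from the comparison above: addslashes() is applied before quoting.
function ruleStringEscaped(string $table, string $column, $ignore, string $idColumn = 'id'): string
{
    return sprintf('unique:%s,%s,%s,%s', $table, $column,
        $ignore ? '"'.addslashes($ignore).'"' : 'NULL', $idColumn);
}

// Assumption: parameters after "unique:" are split as CSV, backslash as escape character.
function ruleParameters(string $rule): array
{
    [, $params] = explode(':', $rule, 2);
    return str_getcsv($params, ',', '"', '\\');
}

// Preprocessing in the application: accept only a positive integer key, otherwise null.
function ignoreIdOrNull($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed inputs: a normal id, and a value that carries a quote and a comma.
foreach (['7', '7",extra'] as $raw) {
    printf("input %s\n", var_export($raw, true));
    printf("  unescaped rule: %d parameters\n",
        count(ruleParameters(ruleStringUnescaped('users', 'email', $raw))));
    printf("  escaped rule:   %d parameters\n",
        count(ruleParameters(ruleStringEscaped('users', 'email', $raw))));
    printf("  validated id:   %s\n", var_export(ignoreIdOrNull($raw), true));
}
```

A request whose id comes back as null from the check should be rejected before the value ever reaches ignore(), regardless of the framework version in use.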
