DataAssist Multiple Add to DB Vulnerability
I have an issue with a page that appears to be vulnerable to SQL Injection which uses the WA DataAssist Multiple Inserts Server Behaviour.
I have set up this page and attached a zip file containing the page in question.
You need to have the Firefox Tools installed on this page, then visit the URL above and run the SQL Inject Me Report (I have attached a screenshot of the results I got), and you will see what I consider to be an alarming set of results.
A couple of observations: in the helper file for DataAssist there are a couple of lines of code that I think need revising.
line 143: $formVal = "'".((!(preg_match("/(^|[^\\\\])'/", $formVal))) ? $formVal : addslashes($formVal))."'";
line 186: $formVal = "'".((!(preg_match("/(^|[^\\\\])'/", $formVal))) ? $formVal : addslashes($formVal));
I believe that using mysql_real_escape_string($formVal) would be a better method of escaping this value, but even doing that leaves this page vulnerable, so there is obviously a more deep-rooted problem here with the code.
I have posted this here rather than in the public forum so that we can have a reasoned discussion about this issue, and I would appreciate it if other WCEs did not publicize the URL I have created, as this is a current project that is ongoing at the moment.
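As an added example (not code from the DataAssist helper or from the poster's zip), the following shows the usual way to remove the escaping question entirely for a multi-row insert: a PDO prepared statement with the values bound per row, so no value is ever spliced into the SQL text as the helper's lines 143 and 186 do. The DSN, credentials, table and column names are placeholders; identifiers are checked against a strict pattern because they cannot be passed as bound parameters.

```php
<?php
// Added example: parameterised multi-row INSERT with PDO, as a replacement
// for building the VALUES clause out of quoted/addslashes()'d strings.
// Table and column names must come from the page's own configuration, never
// from the request, and are validated here because placeholders only cover values.
function insertRows(PDO $pdo, string $table, array $columns, array $rows): int
{
    $ident = '/^[A-Za-z_][A-Za-z0-9_]*$/';
    foreach (array_merge([$table], $columns) as $name) {
        if (!preg_match($ident, $name)) {
            throw new InvalidArgumentException("Unsafe identifier: $name");
        }
    }
    $sql = sprintf(
        'INSERT INTO `%s` (`%s`) VALUES (%s)',
        $table,
        implode('`, `', $columns),
        implode(', ', array_fill(0, count($columns), '?'))
    );
    $pdo->beginTransaction();
    try {
        $stmt = $pdo->prepare($sql); // one statement, executed once per row
        foreach ($rows as $row) {
            $values = [];
            foreach ($columns as $c) {
                $values[] = $row[$c] ?? null; // missing fields become SQL NULL
            }
            $stmt->execute($values);          // values travel as parameters, not SQL text
        }
        $pdo->commit();
    } catch (PDOException $e) {
        $pdo->rollBack();                     // all-or-nothing for the batch
        throw $e;
    }
    return count($rows);
}

// Placeholder connection details; EMULATE_PREPARES off so MySQL itself binds the values.
$pdo = new PDO('mysql:host=localhost;dbname=example_db;charset=utf8mb4', 'db_user', 'db_pass', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);

// Constructed sample rows: an apostrophe and a backslash, the two characters
// the helper's conditional addslashes() logic is concerned with, are just data here.
$rows = [
    ['name' => "O'Brien", 'note' => 'path C:\\temp'],
    ['name' => 'Smith',   'note' => 'second row'],
];
echo insertRows($pdo, 'contacts', ['name', 'note'], $rows), " rows inserted\n";
```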