TikiWiki 17.1 SQLi: Scan, Verify and Patch in Minutes

2018-07-19T11:00:00
ID RIPSTECH:7BEBC542B5BEE10B54CE449A0984D12F
Type ripstech
Reporter RIPS Technologies Blog
Modified 2018-07-19T11:00:00

Description

Scanning

TikiWiki comes with many built-in features. A manual audit of such a huge code base for security issues would require a tremendous amount of time and expertise. The automated security analysis of TikiWiki's 1.7 million lines of code with RIPS took roughly 14 minutes. Once the scan finished, an SQL Injection vulnerability was reported in the RIPS user interface. Selecting the SQL Injection category in the RIPS UI shows a summary of the affected code lines (top), an issue description (right), and the original code as reference (bottom).
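To illustrate what a scanner has to do to report a finding like the one above (a user-controlled value that reaches a database query, with the affected line numbers), here is an added example of a deliberately small taint tracker. It is not RIPS's engine and not TikiWiki code: the PHP snippet is constructed for the example, the source, sanitizer and sink patterns are assumptions chosen for it, and real analysis must handle control flow, function calls and many more sinks than this toy does.

```python
import re

# Constructed PHP snippet (not TikiWiki code). Lines 6 and 8 carry user input
# into the query string; line 7 is sanitized; line 9 uses a bound parameter.
SAMPLE_PHP = """\
<?php
$id = $_GET['id'];
$safe_id = intval($_GET['id']);
$name = $_POST['name'];
$where = "WHERE name = '" . $name . "'";
$res1 = $db->query("SELECT * FROM users WHERE id = " . $id);
$res2 = $db->query("SELECT * FROM users WHERE id = " . $safe_id);
$res3 = $db->query("SELECT * FROM users " . $where);
$res4 = $db->query("SELECT * FROM users WHERE id = ?", array($id));
"""

# Assumed vocabulary of the toy analysis: superglobals are sources, a few
# numeric casts are sanitizers, and $db->query(...) is the only sink.
SOURCES = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
SANITIZED_RHS = re.compile(r"(intval|floatval)\s*\(.*\)")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.+?);\s*$")
SINK = re.compile(r"\$db->query\s*\((.*)\)\s*;")
VAR = re.compile(r"\$\w+")


def split_top_level_args(arg_text):
    """Split a PHP argument list on commas outside parentheses and string literals.

    Escape sequences inside strings are not handled; fine for the sample."""
    args, depth, quote, current = [], 0, None, []
    for ch in arg_text:
        if quote:
            current.append(ch)
            if ch == quote:
                quote = None
        elif ch in ('"', "'"):
            quote = ch
            current.append(ch)
        elif ch == "(":
            depth += 1
            current.append(ch)
        elif ch == ")":
            depth -= 1
            current.append(ch)
        elif ch == "," and depth == 0:
            args.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    args.append("".join(current).strip())
    return args


def find_sqli(php_source):
    """Return (line number, variable) pairs where a tainted variable is part of the
    query-string argument of the sink. Straight-line, single-file tracking only."""
    tainted = set()
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        m = ASSIGN.match(line)
        if m:
            var, rhs = m.group(1), m.group(2).strip()
            if SANITIZED_RHS.fullmatch(rhs):
                # whole right-hand side wrapped in a numeric cast: taint removed
                tainted.discard(var)
            elif SOURCES.search(rhs) or any(v in tainted for v in VAR.findall(rhs)):
                # direct read of a source, or concatenation of a tainted variable
                tainted.add(var)
            else:
                tainted.discard(var)
        s = SINK.search(line)
        if s:
            # only the first argument is the SQL text; bound parameters are not a sink
            query_arg = split_top_level_args(s.group(1))[0]
            for v in VAR.findall(query_arg):
                if v in tainted:
                    findings.append((lineno, v))
    return findings


if __name__ == "__main__":
    for lineno, var in find_sqli(SAMPLE_PHP):
        print(f"line {lineno}: tainted {var} reaches $db->query()")
```

The two findings correspond to the summary a scanner would show: line 6, where `$id` is read straight from `$_GET`, and line 8, where the taint travels through the `$where` fragment built on line 5. Line 7 is cleared by the `intval()` wrapper and line 9 by passing the value as a bound parameter instead of concatenating it, which is also the shape of the fix for such reports.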