Php Insecure Sha1 In Query
Description
Detects when SHA1 hashing function is used within MySQL queries in PHP code. This is considered insecure since SHA1 is cryptographically broken and can lead to hash collisions, making it unsuitable for securing sensitive data in databases.
Detection Strategy
• Identifies calls to mysql_query() function in PHP code
• Examines the first argument of mysql_query() to check if it contains SHA1 usage
• Reports a vulnerability when SHA1 is used within SQL queries, as this indicates potentially insecure password hashing or data protection
Vulnerable code example
<?php
function unsafe_query($username) {
// Vulnerable: Direct string interpolation in SQL query without escaping
$query = "SELECT * FROM users WHERE username LIKE '%s'";
return mysql_query($query);
}
function unsafe_query2($username, $password) {...✅ Secure code example
<?php
function safe_query($username) {
$db = new PDO('mysql:host=localhost;dbname=mydb', 'user', 'pass');
// Safe: Using prepared statement with parameter binding
$stmt = $db->prepare("SELECT * FROM users WHERE username LIKE ?");
$stmt->execute(['%' . $username . '%']);
return $stmt;
}...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.