Php Raw Sql Injection
Description
Detects potential SQL injection vulnerabilities in Laravel PHP applications where unsanitized user input is used in raw SQL queries. This can allow attackers to manipulate database queries and potentially access, modify or delete sensitive data through SQL injection attacks.
Detection Strategy
• Identifies calls to Laravel database methods that accept raw SQL (like DB::raw, selectRaw)
• Checks if the first argument to these methods contains user-controlled input
• Verifies the input is not properly sanitized/escaped
• Reports a vulnerability if unsafe user data flows into raw SQL query methods
Vulnerable code example
<?php
// Imports and the controller class wrapper were added so the snippet is complete; the query line is the one the rule flags.
use Illuminate\Http\Request;
use App\Models\User;

class UserController extends Controller {
    public function show(Request $request) {
        $userId = $request->input('id'); // User input could be malicious like "1 OR 1=1"
        // VULNERABLE: Direct concatenation of user input in raw SQL query
        $user = User::whereRaw("id = " . $userId)->first();
        // ...
    }
}

✅ Secure code example
<?php
// Imports and the controller class wrapper were added so the snippet is complete; the query line is the secure counterpart.
use Illuminate\Http\Request;
use App\Models\User;

class UserController extends Controller {
    public function show(Request $request) {
        $userId = $request->input('id');
        // SECURE: Using parameterized query with placeholder and bound value
        $user = User::whereRaw("id = ?", [$userId])->first();
        // ...
    }
}

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.
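The four steps of the detection strategy above, worked as an added example that is not Fluid Attacks' rule or code: a small line-based taint checker in Python that reads PHP source, finds raw-SQL sink calls, takes their first argument, and reports it when it carries unsanitized request input. The sink list (DB::raw, selectRaw, whereRaw and a few siblings), the source list ($request->input and similar accessors), the sanitizer rule (an integer cast or intval()) and the sample snippets are all assumptions chosen for illustration; the first two samples reproduce the vulnerable and secure code shown on this page.

```python
"""Toy taint checker for Laravel raw-SQL sinks (added example, not Fluid Attacks' rule)."""
import re

# Step 1 (assumed list): Laravel methods whose first argument is raw SQL.
SINK_RE = re.compile(
    r"\b(DB::raw|DB::select|DB::statement|selectRaw|whereRaw|orderByRaw|havingRaw)\s*\(")
# Step 2 (assumed list): request accessors that return user-controlled data.
SOURCE_RE = re.compile(r"\$request->(?:input|get|query|post|route)\(")
# Step 3 (assumption): an integer cast or intval() neutralises the value for SQL use.
SANITIZER_RE = re.compile(r"(?:\(int\)|intval\()\s*\$request->")
ASSIGN_RE = re.compile(r"^\s*\$(\w+)\s*=\s*(.+?);\s*(?://.*)?$")
VAR_RE = re.compile(r"\$(\w+)")
SINGLE_QUOTED_RE = re.compile(r"'(?:[^'\\]|\\.)*'")


def first_argument(src: str, start: int) -> str:
    """Return the text of the first argument of a call whose '(' sits at src[start].

    Tracks nesting and string quoting so a comma inside a string or a nested
    call does not end the argument early.
    """
    depth, quote, i = 0, None, start
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1            # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in ("'", '"'):
            quote = ch
        elif ch in "([{":
            depth += 1
        elif ch in ")]}":
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
        elif ch == "," and depth == 1:
            return src[start + 1:i]
        i += 1
    return src[start + 1:]


def variables(expr: str) -> set[str]:
    """PHP variables referenced in expr. Single-quoted literals are not interpolated, so they are dropped."""
    return set(VAR_RE.findall(SINGLE_QUOTED_RE.sub("''", expr)))


def find_raw_sql_injection(php: str) -> list[tuple[int, str]]:
    """Return (line number, sink name) for every raw-SQL call whose first argument carries unsanitized request data."""
    findings: list[tuple[int, str]] = []
    tainted: set[str] = set()   # variables currently known to hold user input
    for lineno, line in enumerate(php.splitlines(), start=1):
        # Steps 1-4: inspect the first argument of each sink on this line.
        for m in SINK_RE.finditer(line):
            arg = first_argument(line, m.end() - 1)
            direct = SOURCE_RE.search(arg) and not SANITIZER_RE.search(arg)
            if direct or variables(arg) & tainted:
                findings.append((lineno, m.group(1)))
        # Taint propagation: `$x = <source or tainted expr>;` taints $x;
        # a sanitized or clean right-hand side clears it.
        a = ASSIGN_RE.match(line)
        if a:
            name, rhs = a.groups()
            if SANITIZER_RE.search(rhs):
                tainted.discard(name)
            elif SOURCE_RE.search(rhs) or variables(rhs) & tainted:
                tainted.add(name)
            else:
                tainted.discard(name)
    return findings


# Constructed samples: the page's vulnerable and secure snippets, plus an
# interpolation variant and an integer-cast variant.
VULNERABLE = """<?php
public function show(Request $request) {
    $userId = $request->input('id'); // User input could be malicious like "1 OR 1=1"
    $user = User::whereRaw("id = " . $userId)->first();
}
"""
SECURE = """<?php
public function show(Request $request) {
    $userId = $request->input('id');
    $user = User::whereRaw("id = ?", [$userId])->first();
}
"""
INTERPOLATED = """<?php
$col = $request->input('sort');
$rows = User::orderByRaw("$col desc")->get();
"""
CAST = """<?php
$userId = (int) $request->input('id');
$user = User::whereRaw("id = $userId")->first();
"""

if __name__ == "__main__":
    for label, sample in [("vulnerable", VULNERABLE), ("secure", SECURE),
                          ("interpolated", INTERPOLATED), ("cast", CAST)]:
        print(label, find_raw_sql_injection(sample))
```

The secure snippet passes because the placeholder string `"id = ?"` is the whole first argument and the tainted variable only appears in the bindings array, which is exactly the distinction the rule's "first argument" step draws; double-quoted interpolation is caught because PHP expands `$col` inside the string just as concatenation would.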