Kevin Boyd (he/him) 🇨🇦 on Nostr: At first blush, this feels like it's essentially a run of the mill SQL injection, not ...
At first blush, this feels like it's essentially a run of the mill SQL injection, not exactly a "flaw". User input is being sent to the query in an unsafe way. Same old story? Or am I missing something?
Though, I've certainly written queries that are this shape. Hmm. Time to take a closer look.
In a broader view, perhaps the "flaw" is that PDO doesn't allow binding for table/column names.
https://social.skynetcloud.site/@jos1264/114891679504811946

Published at 2025-07-21 15:59:11 UTC

Event JSON
{
  "id": "9b8e9b51b1c8ddf926b540a9b4999a8f9f51846e85a49a332fd79dededa388b0",
  "pubkey": "76bf383d82f5c3f0c0dd6cca201ac0e991cc80c9abace93e7f781c4dca487920",
  "created_at": 1753113551,
  "kind": 1,
  "tags": [
    [
      "proxy",
      "https://phpc.social/users/kboyd/statuses/114892049727821222",
      "activitypub"
    ],
    [
      "client",
      "Mostr",
      "31990:6be38f8c63df7dbf84db7ec4a6e6fbbd8d19dca3b980efad18585c46f04b26f9:mostr",
      "wss://relay.mostr.pub"
    ]
  ],
  "content": "At first blush, this feels like it's essentially a run of the mill SQL injection, not exactly a \"flaw\". User input is being sent to the query in an unsafe way. Same old story? Or am I missing something?\n\nThough, I've certainly written queries that are this shape. Hmm. Time to take a closer look.\n\nIn a broader view, perhaps the \"flaw\" is that PDO doesn't allow binding for table/column names.\nhttps://social.skynetcloud.site/@jos1264/114891679504811946",
  "sig": "7934d97ac79bd48497dd116c476b2c32435d3625a8be0032ade6fe2bd698bd431539ae984ae19dcfdaddf6b8b6bbb5b189cb6484d35fa17eac8ef8e64869b7ac"
}
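The broader point in the post, that PDO can bind values but not table or column names, is true of every placeholder-style database API, not just PDO: a placeholder is always sent as a literal value, so an identifier has to be spliced into the SQL text, which is exactly the "query of this shape" that becomes injectable. The following is an added example, not code from the post or from PDO. It uses Python's sqlite3 module rather than PHP because it runs with no database server, and the binding semantics are the same. The `users` table, its rows, and the probe payloads are all constructed for the example.

```python
import sqlite3

# Constructed sample data for the example (not from the post).
ROWS = [("alice", 30), ("bob", 25), ("carol", 35)]


def setup() -> sqlite3.Connection:
    """Create an in-memory table with known rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, age INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def order_by_bound(conn: sqlite3.Connection, column: str) -> list:
    """Try to bind the column name as a parameter.

    The driver sends it as a string value, so the query becomes
    ORDER BY 'age' (a constant expression), not ORDER BY age.
    Every row gets the same sort key and `column` has no effect,
    which is the limitation the post is talking about.
    """
    return conn.execute("SELECT name FROM users ORDER BY ?", (column,)).fetchall()


def order_by_interpolated(conn: sqlite3.Connection, column: str) -> list:
    """The query 'of this shape': the identifier is spliced into the SQL.

    Works for honest input and is injectable for anything else.
    """
    return conn.execute(f"SELECT name FROM users ORDER BY {column}").fetchall()


# Hypothetical attacker payloads for a blind ORDER BY injection: the
# condition inside the CASE is arbitrary, and the caller learns whether it
# held from which ordering comes back. sqlite_master holds one row here
# (the users table), so the first condition is true and the second false.
TRUE_PROBE = "CASE WHEN (SELECT count(*) FROM sqlite_master) > 0 THEN age ELSE name END"
FALSE_PROBE = "CASE WHEN (SELECT count(*) FROM sqlite_master) < 0 THEN age ELSE name END"

# Hardened form: since identifiers cannot be bound, the only safe option is
# to accept them from a fixed allowlist the application owns. The set below
# is an assumption for this example.
ALLOWED_SORT_COLUMNS = {"name", "age"}


def order_by_allowlisted(conn: sqlite3.Connection, column: str) -> list:
    """Validate the identifier against the allowlist, then splice it quoted.

    Double quotes are the standard SQL identifier delimiter. Note that SQLite
    silently treats a double-quoted name that matches no column as a string
    literal, so the allowlist check, not the quoting, is what carries the
    security here.
    """
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    return conn.execute(f'SELECT name FROM users ORDER BY "{column}"').fetchall()


if __name__ == "__main__":
    conn = setup()
    print("bound 'age'       :", order_by_bound(conn, "age"))
    print("bound 'name'      :", order_by_bound(conn, "name"))
    print("interpolated 'age':", order_by_interpolated(conn, "age"))
    print("true probe        :", order_by_interpolated(conn, TRUE_PROBE))
    print("false probe       :", order_by_interpolated(conn, FALSE_PROBE))
    print("allowlisted 'age' :", order_by_allowlisted(conn, "age"))
    try:
        order_by_allowlisted(conn, TRUE_PROBE)
    except ValueError as exc:
        print("allowlisted probe :", exc)
```

Run it and the two bound calls return identical orderings whatever column name you pass, the two probes return different orderings (age order versus name order) because the spliced CASE expression evaluates an attacker-chosen subquery, and the allowlisted version rejects the probe before any SQL is built. The same applies to table names, sort directions (`ASC`/`DESC`) and any other piece of SQL syntax: if it is not a value, map it from a fixed set rather than from the request.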