Fix

AikidoSec · Jan 9, 2025 · 6885ac8 · 6885ac8
1 parent 2c50898
commit 6885ac8
Showing 1 changed file with 7 additions and 5 deletions.
diff --git a/tests/cli/sql_injection/sql_injection_sqlite_dollar_placeholder.phpt b/tests/cli/sql_injection/sql_injection_sqlite_dollar_placeholder.phpt
@@ -5,6 +5,12 @@ Test SQLite database operations
 AIKIDO_LOG_LEVEL=INFO
 AIKIDO_BLOCK=1
 
+--POST_RAW--
+Content-Type: application/json
+{
+    "test": "1' OR $$ IS NULL -- "
+}
+
 --FILE--
 <?php
 try {
@@ -17,12 +23,8 @@ try {
 
     $pdo->exec("INSERT INTO users (name, email) VALUES ('John Doe', '[email protected]')");
 
-    // Simulate user input
-    $unsafeInput = "1' OR $$ IS NULL -- ";
-    $_SERVER['HTTP_USER'] = $unsafeInput;
-
     // Vulnerable query
-    $result = $pdo->query("SELECT * FROM users WHERE id = '$unsafeInput'");
+    $result = $pdo->query("SELECT * FROM users WHERE id = '1' OR $$ IS NULL -- '");
 
     foreach ($result as $row) {
         echo "ID: " . $row['id'] . "\n";