| Title | codezips eCommerce 1.0 SQL Injection |
|---|
| Description | A SQL injection vulnerability was found in the '/login.php' file of the 'E-commerce Site Using PHP With Source Code' project: https://github.com/mohsinenur/E-Commerce-Website-Using-PHP
Within the login.php file, the function "mysql_real_escape_string" is used to sanitize user inputs before embedding them into SQL queries. However, this method is does not provide sufficient protection against SQL injection attacks. The underlying SQL query writes:
$result = mysql_query("SELECT * FROM user WHERE (email='$user_login') AND password='$password_login_md5' AND activation='yes'");
and allows an attacker to inject malicious SQL statements. For instance, by inputting " ' OR '1'='1 " in the email field, the query becomes:
SELECT * FROM user WHERE (email='' OR '1'='1') AND password='' AND activation='yes';
|
|---|
| Source | ⚠️ https://geochen.medium.com/sqli-in-login-php-of-e-commerce-website-using-php-1abacb5e2ccd |
|---|
| User | geochen (UID 78995) |
|---|
| Submission | 12/19/2024 04:03 PM (3 months ago) |
|---|
| Moderation | 12/20/2024 11:35 PM (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 289142 [Codezips E-Commerce Website 1.0 /login.php email sql injection] |
|---|
| Points | 17 |
|---|