| عنوان | codezips eCommerce 1.0 SQL Injection |
|---|
| الوصف | A SQL injection vulnerability was found in the '/login.php' file of the 'E-commerce Site Using PHP With Source Code' project: https://github.com/mohsinenur/E-Commerce-Website-Using-PHP
Within the login.php file, the function "mysql_real_escape_string" is used to sanitize user inputs before embedding them into SQL queries. However, this method is does not provide sufficient protection against SQL injection attacks. The underlying SQL query writes:
$result = mysql_query("SELECT * FROM user WHERE (email='$user_login') AND password='$password_login_md5' AND activation='yes'");
and allows an attacker to inject malicious SQL statements. For instance, by inputting " ' OR '1'='1 " in the email field, the query becomes:
SELECT * FROM user WHERE (email='' OR '1'='1') AND password='' AND activation='yes';
|
|---|
| المصدر | ⚠️ https://geochen.medium.com/sqli-in-login-php-of-e-commerce-website-using-php-1abacb5e2ccd |
|---|
| المستخدم | geochen (UID 78995) |
|---|
| ارسال | 19/12/2024 04:03 PM (1 سنة منذ) |
|---|
| الاعتدال | 20/12/2024 11:35 PM (1 day later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 289142 [Codezips E-Commerce Website 1.0 /login.php email حقن SQL] |
|---|
| النقاط | 17 |
|---|