| Title | online-banking web 1 SQL Injection |
|---|---|
| Description | The vulnerability in the online-banking system at https://github.com/RashminDungrani/online-banking?tab=readme-ov-file#screenshots stems from the fact that the login verification logic in the auth_login.php file does not use parameterized queries (prepared statements). The user-input parameters username and password are directly concatenated into the SQL statement, enabling attackers to tamper with the SQL query logic by constructing malicious inputs, thereby achieving login bypass or data theft. |
| Source | https://github.com/BrillBigbang/hole-gap/blob/main/online-banking-have-sql.docx |
| User | Brill (UID 92630) |
| Submission | 21/11/2025 07:51 AM (5 months ago) |
| Moderation | 06/12/2025 06:15 PM (15 days later) |
| Status | Accepted |
| VulDB entry | 334612 [RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2 auth_login.php username SQL injection] |
| Points | 20 |