Enviar #287648: keerti1924 PHP-MYSQL-User-Login-System 1.0 SQL Injectioninformación

Títulokeerti1924 PHP-MYSQL-User-Login-System 1.0 SQL Injection
DescripciónA SQL injection vulnerability was discovered in the login.php script of the PHP-MYSQL-User-Login-System developed by keerti1924. By injecting malicious SQL code via the 'email' parameter, attackers can bypass authentication and gain unauthorized access to the application. The flaw allows for the execution of a UNION SELECT statement, enabling retrieval of sensitive data. Notably, successful exploitation requires the 'password' parameter to match the hash of the injected password, exacerbating the risk of unauthorized access.
Fuente⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20PHP-MYSQL-User-Login-System/SQLI%20Auth.md
Usuario
 nochizplz (UID 64302)
Sumisión2024-02-25 07:00 (hace 2 años)
Moderación2024-03-07 15:34 (11 days later)
EstadoAceptado
Entrada de VulDB256034 [keerti1924 PHP-MYSQL-User-Login-System 1.0 /login.php email inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!