| Field | Value |
|---|---|
| Title | Codezips eCommerce 1.0 SQL Injection |
| Description | A SQL injection vulnerability was found in the `/login.php` file of the 'E-commerce Site Using PHP With Source Code' project: https://github.com/mohsinenur/E-Commerce-Website-Using-PHP<br>Within `login.php`, `mysql_real_escape_string` is applied to the user inputs before they are embedded into the SQL query. This escaping does not provide sufficient protection on its own, because the values are still concatenated directly into the query text:<br>`$result = mysql_query("SELECT * FROM user WHERE (email='$user_login') AND password='$password_login_md5' AND activation='yes'");`<br>This allows an attacker to inject SQL into the statement. For instance, submitting `' OR '1'='1` in the email field turns the query into:<br>`SELECT * FROM user WHERE (email='' OR '1'='1') AND password='' AND activation='yes';`<br>The parenthesized email check is now always true; only the password and activation predicates still constrain which row is returned. The fix is to bind the inputs as parameters of a prepared statement instead of interpolating them into the SQL string. |
| Source | https://geochen.medium.com/sqli-in-login-php-of-e-commerce-website-using-php-1abacb5e2ccd |
| User | geochen (UID 78995) |
| Submitted | 2024-12-19 04:03 PM (1 year ago) |
| Moderation | 2024-12-20 11:35 PM (1 day later) |
| Status | Accepted |
| VulDB Entry | 289142 [Codezips E-Commerce Website 1.0 /login.php email SQL Injection] |
| Points | 17 |
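The following is an added example, not code from the Codezips project or from the advisory's author. It models the `login.php` query shape above in an in-memory SQLite database (Python instead of PHP/MySQL, so it runs offline) with constructed sample accounts, shows what the advisory's `' OR '1'='1` payload does to the query, goes one step beyond the page by also showing a payload that comments out the remaining predicates, and contrasts both with a parameterized query. Table name, sample users, the `login_vulnerable`/`login_hardened` function names and the payload strings are assumptions made here.

```python
"""Model of the login.php SQL injection from the advisory (added example).

The query shape is copied from the advisory; the SQLite table, the sample
users and the payloads are constructed here and are not part of the project.
"""
import hashlib
import sqlite3


def md5_hex(text: str) -> str:
    """The original code compares MD5 hex digests of the password, so do the same."""
    return hashlib.md5(text.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one activated account and one that is not."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT, "
        "password TEXT, activation TEXT)"
    )
    conn.executemany(
        "INSERT INTO user (email, password, activation) VALUES (?, ?, ?)",
        [
            ("alice@example.com", md5_hex("alice-secret"), "yes"),
            ("bob@example.com", md5_hex("bob-secret"), "no"),
        ],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str) -> list[str]:
    """Same construction as login.php: the email is interpolated into the SQL text.

    The password side is an MD5 hex digest, so only the email field is injectable,
    exactly as in the advisory.
    """
    sql = (
        "SELECT email FROM user WHERE (email='%s') AND password='%s' "
        "AND activation='yes'" % (email, md5_hex(password))
    )
    return sorted(row[0] for row in conn.execute(sql))


def login_hardened(conn: sqlite3.Connection, email: str, password: str) -> list[str]:
    """Parameterized form: the driver binds the values, so they are never parsed as SQL."""
    sql = "SELECT email FROM user WHERE (email=?) AND password=? AND activation='yes'"
    return sorted(row[0] for row in conn.execute(sql, (email, md5_hex(password))))


# Payload from the advisory: makes the parenthesized email check always true,
# but the password and activation predicates still apply.
PAYLOAD_PAGE = "' OR '1'='1"

# Assumed payload going beyond the advisory: closes the parenthesis, then
# comments out the rest of the WHERE clause, so no predicate is left.
PAYLOAD_COMMENT = "') OR 1=1 -- "


def demo() -> dict[str, list[str]]:
    """Run both login variants against the constructed data and return the matches."""
    conn = make_db()
    return {
        "vuln/legit": login_vulnerable(conn, "alice@example.com", "alice-secret"),
        "vuln/page payload, wrong password": login_vulnerable(conn, PAYLOAD_PAGE, "wrong"),
        "vuln/page payload, known password": login_vulnerable(conn, PAYLOAD_PAGE, "alice-secret"),
        "vuln/comment payload": login_vulnerable(conn, PAYLOAD_COMMENT, "anything"),
        "hardened/page payload": login_hardened(conn, PAYLOAD_PAGE, "alice-secret"),
        "hardened/comment payload": login_hardened(conn, PAYLOAD_COMMENT, "anything"),
        "hardened/legit": login_hardened(conn, "alice@example.com", "alice-secret"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:40s} -> {rows}")
```

With the advisory's payload alone, the vulnerable query still requires a matching password hash, which is why the comment-terminating variant is the one that returns every row (including the not-yet-activated account). The hardened query treats both payloads as literal e-mail addresses and matches nothing.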