| Título | codezips eCommerce 1.0 SQL Injection |
|---|
| Descrição | A SQL injection vulnerability was found in the '/login.php' file of the 'E-commerce Site Using PHP With Source Code' project: https://github.com/mohsinenur/E-Commerce-Website-Using-PHP
Within the login.php file, the function "mysql_real_escape_string" is used to sanitize user inputs before embedding them into SQL queries. However, this method is does not provide sufficient protection against SQL injection attacks. The underlying SQL query writes:
$result = mysql_query("SELECT * FROM user WHERE (email='$user_login') AND password='$password_login_md5' AND activation='yes'");
and allows an attacker to inject malicious SQL statements. For instance, by inputting " ' OR '1'='1 " in the email field, the query becomes:
SELECT * FROM user WHERE (email='' OR '1'='1') AND password='' AND activation='yes';
|
|---|
| Fonte | ⚠️ https://geochen.medium.com/sqli-in-login-php-of-e-commerce-website-using-php-1abacb5e2ccd |
|---|
| Utilizador | geochen (UID 78995) |
|---|
| Submissão | 19/12/2024 16h03 (há 1 Ano) |
|---|
| Moderação | 20/12/2024 23h35 (1 day later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 289142 [Codezips E-Commerce Website 1.0 /login.php email Injeção SQL] |
|---|
| Pontos | 17 |
|---|