| Название | online-banking web 1 SQL Injection |
|---|
| Описание | The vulnerability in the online-banking system at https://github.com/RashminDungrani/online-banking?tab=readme-ov-file#screenshots stems from the fact that the login verification logic in the auth_login.php file does not use parameterized queries (prepared statements). The user-input parameters username and password are directly concatenated into the SQL statement, enabling attackers to tamper with the SQL query logic by constructing malicious inputs, thereby achieving login bypass or data theft. |
|---|
| Источник | ⚠️ https://github.com/BrillBigbang/hole-gap/blob/main/online-banking-have-sql.docx |
|---|
| Пользователь | Brill (UID 92630) |
|---|
| Представление | 21.11.2025 07:51 (5 месяцы назад) |
|---|
| Модерация | 06.12.2025 18:15 (15 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 334612 [RashminDungrani online-banking до 2337ad552ea9d385b4e07b90e6f32d011b7c68a2 auth_login.php Имя пользователя SQL-инъекция] |
|---|
| Баллы | 20 |
|---|