| Title | online-banking web 1 SQL Injection |
|---|
| Description | The vulnerability in the online-banking system at https://github.com/RashminDungrani/online-banking?tab=readme-ov-file#screenshots stems from the fact that the login verification logic in the auth_login.php file does not use parameterized queries (prepared statements). The user-input parameters username and password are directly concatenated into the SQL statement, enabling attackers to tamper with the SQL query logic by constructing malicious inputs, thereby achieving login bypass or data theft. |
|---|
| Source | ⚠️ https://github.com/BrillBigbang/hole-gap/blob/main/online-banking-have-sql.docx |
|---|
| User | Brill (UID 92630) |
|---|
| Submission | 11/21/2025 07:51 (5 months ago) |
|---|
| Moderation | 12/06/2025 18:15 (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 334612 [RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2 auth_login.php Username sql injection] |
|---|
| Points | 20 |
|---|