| tiêu đề | Ecommerce-Clothing-Website web 1 SQL Injection |
|---|
| Mô tả | Ecommerce-Clothing-Website has an SQL injection vulnerability: In the /log.php file of the website, lines 69-79, the user input password (log_pass) is directly concatenated into the SQL query to fetch users without any filtering, resulting in an SQL injection vulnerability in the login functionality. By entering 'or'1'='1 in the password input box, the password verification can be bypassed to log in successfully. The project setup requires downloading the project from GitHub https://github.com/yousaf530/Ecommerce-Clothing-Website. |
|---|
| Nguồn | ⚠️ https://github.com/mhszed/Report/blob/main/Ecommerce-Clothing-Website%20sql.docx |
|---|
| Người dùng | mahushuai (UID 91047) |
|---|
| Đệ trình | 30/09/2025 04:02 (cách đây 7 các tháng) |
|---|
| Kiểm duyệt | 12/10/2025 08:26 (12 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 328071 [yousaf530 Inferno Online Clothing Store đến 827dd42bfbe380e8de76fdc67958c24cf1246208 /log.php cemail/password Tiêm SQL] |
|---|
| điểm | 20 |
|---|