CVE-2024-12884


SQLI in login.php of “E-Commerce-Website-Using-PHP”

A SQL injection vulnerability was found in the ‘/login.php’ file of the ‘E-commerce Site Using PHP With Source Code’ project: https://github.com/mohsinenur/E-Commerce-Website-Using-PHP

Within the login.php file, the function “mysql_real_escape_string” is used to sanitize user inputs before embedding them into SQL queries. However, this method does not provide sufficient protection against SQL injection attacks. The underlying SQL query reads:

$result = mysql_query("SELECT * FROM user WHERE (email='$user_login') AND password='$password_login_md5' AND activation='yes'");

and allows an attacker to inject malicious SQL statements. For instance, by inputting ' OR '1'='1 in the email field, the query becomes:

SELECT * FROM user WHERE (email='' OR '1'='1') AND password='' AND activation='yes';
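
The query above next to a parameterized version, as an added example (not code from the project). It assumes PDO with an in-memory SQLite database in place of the project's MySQL connection; the functions loginConcat and loginPrepared and the sample account are constructed for illustration.

```php
<?php
// Added example: constructed schema and data in an in-memory SQLite database
// (needs the pdo_sqlite extension). Table and column names follow the page's query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (email TEXT, password TEXT, activation TEXT)");
$seed = $db->prepare("INSERT INTO user VALUES (?, ?, 'yes')");
// Constructed account. md5() is kept only to mirror $password_login_md5 on the page.
$seed->execute(['alice@example.test', md5('correct horse')]);

// Same shape as the page's query: user input is spliced into the SQL text.
function loginConcat(PDO $db, string $email, string $password): array
{
    $hash = md5($password);
    $sql = "SELECT * FROM user WHERE (email='$email') AND password='$hash' AND activation='yes'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed and the values are bound as parameters,
// so quotes in the input can never change the structure of the statement.
function loginPrepared(PDO $db, string $email, string $password): array
{
    $stmt = $db->prepare(
        "SELECT * FROM user WHERE email = :email AND password = :hash AND activation = 'yes'"
    );
    $stmt->execute([':email' => $email, ':hash' => md5($password)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$payload = "' OR '1'='1"; // the input quoted on the page

// The email clause becomes (email='' OR '1'='1'), so the email is never checked.
echo "concatenated, payload: ", count(loginConcat($db, $payload, 'correct horse')), " row(s)\n";
// The payload is compared as a literal email string.
echo "prepared, payload:     ", count(loginPrepared($db, $payload, 'correct horse')), " row(s)\n";
// A legitimate login goes through the prepared statement unchanged.
echo "prepared, valid login: ", count(loginPrepared($db, 'alice@example.test', 'correct horse')), " row(s)\n";
```

Comparing the row counts of the two functions for the same input shows whether the input was interpreted as SQL or as data.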

Reference: https://vuldb.com/?submit.466519


Written by George Chen

George is the Head of CloudSec and AppSec at Dyson. He's passionate about cyber innovation and has filed over 50 cybersecurity patents.
