SQL injection fixed in loginValidation.php #42

Open
eliasbiagioni wants to merge 1 commit into AshRahman:main from eliasbiagioni:main

@eliasbiagioni

Wapiti3 report in login.php request.
SQL Injection in:

    POST /login.php HTTP/1.1
    Host: localhost:82
    Referer: http://localhost:82/login.php
    Content-Type: application/x-www-form-urlencoded

    user_name=alice&pass=%C2%BF%27%22%28&signinBtn=Sign+in

We added the fix with MySQLi prepared statements to avoid SQL injection.
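
As an added illustration (not code from this pull request), the Python sketch below replays the form body from the Wapiti finding against a string-concatenated login query and a parameterized one. It uses an in-memory SQLite database in place of MySQL/MySQLi, and the table layout, stored password and function names are assumptions.

```python
import sqlite3
from urllib.parse import parse_qs

# Form body copied from the Wapiti finding quoted in the PR description.
WAPITI_BODY = "user_name=alice&pass=%C2%BF%27%22%28&signinBtn=Sign+in"


def make_db():
    """In-memory stand-in for the application's user table (schema assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_name TEXT, pass TEXT)")
    # Constructed sample row; plaintext is used only to keep the sketch short.
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "constructed-secret"))
    return db


def parse_form(body):
    """URL-decode the POST body the way the web server would."""
    form = parse_qs(body, keep_blank_values=True)
    return form["user_name"][0], form["pass"][0]


def login_concatenated(db, user, password):
    """'Before' pattern: request values are spliced into the SQL text."""
    sql = ("SELECT user_name FROM users WHERE user_name = '" + user
           + "' AND pass = '" + password + "'")
    try:
        return "ok" if db.execute(sql).fetchone() else "denied"
    except sqlite3.Error as exc:
        # Input that changes the statement's syntax surfaces as a database
        # error, which is the signal an error-based scanner check reports.
        return "sql-error: " + str(exc)


def login_prepared(db, user, password):
    """'After' pattern: placeholders keep the values out of the SQL grammar."""
    sql = "SELECT user_name FROM users WHERE user_name = ? AND pass = ?"
    return "ok" if db.execute(sql, (user, password)).fetchone() else "denied"


if __name__ == "__main__":
    db = make_db()
    user, password = parse_form(WAPITI_BODY)
    print("decoded pass value:", repr(password))
    print("concatenated query:", login_concatenated(db, user, password))
    print("prepared statement:", login_prepared(db, user, password))
```
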
