Added SQL injection prevention.

The login form parameter username was vulnerable. SQLMap output:

---------------------
POST parameter 'myusername' is vulnerable.
sqlmap identified the following injection point(s) with a total of 910 HTTP(s) requests:
---
Parameter: myusername (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: myusername=uoev' RLIKE (SELECT (CASE WHEN (6566=6566) THEN 0x756f6576 ELSE 0x28 END)) AND 'cyMw'='cyMw&mypassword=&Submit=TzWk
---------------------

Added prepared statement to prevent SQL injection.
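The fix the commit describes, shown as an added example rather than the repository's own code: a login lookup that splices the form fields into the SQL text next to the prepared-statement version, exercised with the exact `myusername` payload sqlmap reported. The table name, column names and sample users are constructed, and SQLite stands in for MySQL (it has no RLIKE operator, so the vulnerable path fails with a syntax error, which is itself proof that the input reached the SQL parser).

```python
import sqlite3

# The 'myusername' value from the sqlmap payload on the commit page; the
# &mypassword=...&Submit=... tail is separate form data and is not part of it.
PAYLOAD = ("uoev' RLIKE (SELECT (CASE WHEN (6566=6566) THEN 0x756f6576 "
           "ELSE 0x28 END)) AND 'cyMw'='cyMw")


def make_db():
    """In-memory stand-in for the application's user table (constructed data).
    A real system would store and compare password hashes, not plaintext."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, "
               "username TEXT, password TEXT)")
    db.executemany("INSERT INTO members (username, password) VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


def login_vulnerable(db, username, password):
    """The 'before' state: form fields are formatted into the SQL text, so the
    quote in the payload closes the literal and the rest is parsed as SQL."""
    sql = ("SELECT id FROM members WHERE username='%s' AND password='%s'"
           % (username, password))
    return db.execute(sql).fetchone()


def login_prepared(db, username, password):
    """The fix: a prepared statement with bound parameters. The SQL text is
    fixed before any input is seen; both values travel as data, never syntax."""
    sql = "SELECT id FROM members WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone()


def payload_reaches_parser(db):
    """True when the vulnerable path hands the payload to the SQL parser.
    SQLite rejects RLIKE as a syntax error, which only happens if the input
    was interpreted as SQL instead of being compared as a username."""
    try:
        login_vulnerable(db, PAYLOAD, "")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("prepared, real user:", login_prepared(db, "alice", "s3cret"))
    print("prepared, payload  :", login_prepared(db, PAYLOAD, ""))
    print("vulnerable parses payload as SQL:", payload_reaches_parser(db))
```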