oop-php-authentication-system

[Vulnerability] SQL-Injection

Open thefLink opened this issue 7 years ago • 1 comments

Hey, your file 'class.user.php' is vulnerable to SQL injection as you pass the parameters directly and unfiltered in the SQL queries. Like this, your 'authentication system' does not provide any authentication and is easy to bypass. I would suggest you use prepared statements in order to mitigate this vulnerability.

As a PoC, register any user and log in like: username: themail'# password: anything

Cheers, flink

thefLink, Jul 30 '17 17:07
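One way to apply the prepared-statement fix suggested in the issue above, as an added example that is not code from class.user.php or from either participant. The `users` schema, the function names and the shape of the concatenated query are assumptions, and an in-memory SQLite database stands in for the project's database so the block runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the project's real table and column names are not shown on the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');

function register(PDO $pdo, string $email, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO users (email, password_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Unsafe pattern the issue describes (assumed shape): input concatenated into the SQL text.
// The string is built only so it can be printed; it is never executed here.
function concatenatedQuery(string $email, string $password): string
{
    return "SELECT id FROM users WHERE email = '$email' AND password = '$password'";
}

// Prepared statement: the email is bound as data, so a quote or '#' stays part
// of the value being compared. The password is verified against a stored hash
// in PHP instead of being compared inside the SQL statement.
function login(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

register($pdo, 'themail', 'correct horse');   // constructed sample account

// In MySQL '#' starts a comment, so in the concatenated form everything after
// it, including the password condition, is no longer part of the statement.
echo concatenatedQuery("themail'#", 'anything'), PHP_EOL;

// The same inputs through the prepared statement, then the wrong and the
// right password for the real account.
var_dump(login($pdo, "themail'#", 'anything'));
var_dump(login($pdo, 'themail', 'anything'));
var_dump(login($pdo, 'themail', 'correct horse'));
```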

Hi @thefLink, as you can see this one is really very old & I did this because people would love to check out the easiest way. If you want to contribute then you can push your changes; I'll revise everything & merge that. I haven't used any sort of validation here. Just done this so that a newcomer can easily understand how this login & registration actually works. Thanks again.

ashawkat, Jul 30 '17 18:07