Security Vulnerability in Login-SignUp Project – SQL Injection Risk

[abimelsbk]

I discovered a SQL Injection vulnerability in the login functionality. Currently, user input is passed directly into the SQL query without parameterization or proper sanitization, allowing an attacker to manipulate the query.

Proof of Concept (PoC):

• Go to the login form.
• Enter the following in the username field:

' OR '1'='1

and leave the password field blank (or any random value).

• The application grants access without valid credentials.

Impact:

1. Bypass authentication without valid credentials.
2. Access or modify sensitive user data in the database.
3. Potential full database compromise.

Recommendation:

1. Use prepared statements with parameter binding (mysqli_stmt_bind_param).
2. Validate and sanitize all user inputs before using them in queries.
3. Avoid concatenating user inputs directly into SQL statements.