eonsik
commented
4 years ago Solution: force HTTPS, firewalls, and disable dynamic SQL
Open eonsik opened 4 years ago
eonsik
commented
4 years ago Solution: force HTTPS, firewalls, and disable dynamic SQL
The login GUI has a SQL injection vulnerability. This SELECT statement returns the first username in the user table, regardless of the username and password input.
@jeftsd @eonsik