search

vish07 / WackoPicko

WackoPicko is a vulnerable web application used to test web application vulnerability scanners.
MIT License
0 stars 0 forks source link

CX SQL_Injection @ website/users/register.php [master] #20

Open vish07 opened 4 years ago

vish07 commented 4 years ago

SQL_Injection issue exists @ website/users/register.php in branch master

Method <?php at line 1 of website\users\register.php gets user input from the _POST element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method create_user at line 30 of website\include\users.php. This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 18

Code (Line #18):

   else if ($new_id = Users::create_user($_POST['username'], $_POST['password'], $_POST['firstname'], $_POST['lastname'], False))
vish07 commented 4 years ago

Issue still exists.

vish07 commented 4 years ago

Issue still exists.