RashminDungrani Online Banking SQL Injection Vulnerability in auth_login.php
Vulnerability
A SQL injection vulnerability has been identified in RashminDungrani's online banking application, specifically in the auth_login.php file. This issue arises because the login verification process does not utilize parameterized queries, allowing attackers to manipulate the SQL query by injecting malicious input into the Username argument. The vulnerability can be exploited remotely, and an exploit is publicly available.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or, in some cases, execution of administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a request to the auth_login.php file with a crafted Username input that includes SQL injection payloads. The absence of parameterized queries in the login verification process will allow the injected SQL code to be executed by the database, manipulating the query logic and potentially bypassing authentication or accessing sensitive data.
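The fix for the missing parameterized queries, shown as an added example that is not the project's own code: a login check where the username is passed as a bound parameter instead of being concatenated into the SQL string. The `users` table, its `username` and `password_hash` columns, the `verify_login` function, the 64-character limit and the in-memory SQLite database are all assumptions made for illustration.

```php
<?php
// Added example. Table, column and function names are assumptions and are
// not taken from the project's auth_login.php.
declare(strict_types=1);

function verify_login(PDO $db, string $username, string $password): bool
{
    // Reject empty or oversized input before touching the database
    // (the 64-character limit is an assumption).
    if ($username === '' || strlen($username) > 64) {
        return false;
    }

    // The SQL text is fixed. The username travels separately as a bound
    // parameter, so quotes or SQL keywords inside it are never parsed as SQL.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();

    // The password is checked in PHP against a stored hash, never in the query.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data in an in-memory SQLite database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(["o'brien", password_hash('battery staple', PASSWORD_DEFAULT)]);

// Valid and invalid credentials for an ordinary account.
var_dump(verify_login($db, 'alice', 'correct horse'));
var_dump(verify_login($db, 'alice', 'wrong'));

// A username containing a quote is stored and matched as plain data.
var_dump(verify_login($db, "o'brien", 'battery staple'));

// Extra characters after the quote only produce a non-matching username;
// they do not alter the query, so the login is rejected.
var_dump(verify_login($db, "o'brien' extra", 'battery staple'));
```

The same pattern applies with mysqli (`prepare`, `bind_param`, `execute`) when the application uses that extension instead of PDO.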
