I scanned my login script using the SQL Inject Me Firefox add-on.
According to the test results, my script was vulnerable to SQL injection. Result by example:
Results:
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE
Server Status Code: 302 Found
Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31
My script
check-login.php - To check login detail and here is the code.
$email = clean($_POST['username']);
$pass = clean($_POST['password']);
$user = "select * from tbl_admin where admin='$email' and pass='$pass'";
// some code
    $_SESSION['login_mes'] = "You have successfully logged in !";
    header("Location:admin.php");
    exit();
} else {
    $_SESSION['login_mes'] = "Invalid email address or password, please try again.";
    header("Location:login.php");
    exit();
}
The problems came when login failed. If I remove the
} else {
$_SESSION['login_mes'] = "Invalid email address or password, please try again.";
header("Location:login.php");
exit();
}
no failures are detected by SQL Inject Me. How do I fix this part?
302 is the server's way of saying "I want you to go to [somewhere else]" (in this case login.php). It is not an error but a perfectly normal response. Especially in your case it makes much more sense (if you ask me) to send the user to a login page after a SQL injection attempt than to let him in.
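To illustrate the point in the answer above, here is an added example (not part of the original question or answer) that feeds the values reported by the scanner into a login check and shows where each 302 would point. The table and column names come from the question; the function name login_redirect, the PDO prepared statement, the password_hash() storage format, and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
// Added example, not the asker's code. tbl_admin, admin and pass are taken
// from the question; storing a password_hash() value in `pass` and using an
// in-memory SQLite database are assumptions for this demo.

// Returns the redirect target: admin.php on success, login.php otherwise.
function login_redirect(PDO $db, string $email, string $pass): string
{
    // Bound parameter: the submitted value is never parsed as SQL.
    $stmt = $db->prepare('SELECT pass FROM tbl_admin WHERE admin = :admin');
    $stmt->execute([':admin' => $email]);
    $hash = $stmt->fetchColumn(); // false when no row matches

    if (is_string($hash) && password_verify($pass, $hash)) {
        return 'admin.php';
    }
    return 'login.php';
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_admin (admin TEXT PRIMARY KEY, pass TEXT)');
$ins = $db->prepare('INSERT INTO tbl_admin (admin, pass) VALUES (?, ?)');
$ins->execute(['admin@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Values the scanner reported in the question, plus one valid login.
$cases = [
    ["1' OR '1'='1", "1' OR '1'='1"],
    ['1 UNI/**/ON SELECT ALL FROM WHERE', 'x'],
    [urldecode('%31%27%20%4F%52%20%27%31%27%3D%27%31'), 'x'],
    ['admin@example.com', 'correct horse'],
];

foreach ($cases as [$email, $pass]) {
    // In check-login.php this would be: header("Location:$target"); exit();
    $target = login_redirect($db, $email, $pass);
    printf("%-40s -> 302 Location: %s\n", $email, $target);
}
```

Every scanner value ends in a 302 to login.php and only the valid credentials reach admin.php, so the status code alone says nothing; the Location target is what to check.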