We have been attacked; the hackers entered the system from a page that's in the code shown below, but we couldn't figure out the actual problem in this code. Could you point out the problem in this code and also a possible fix?
<?php
//login.php page code
//...
$user = $_POST['user'];
$pass = $_POST['password'];
//...
mysql_connect("127.0.0.1","root","");
mysql_select_db("xxxx");
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$pass = hash("sha1",$pass, true);
//...
$query = "select user, pass from users where user='$user' and pass='$pass'";
//...
?>
From: SQL injection vulnerable code even though we are sanitizing the input with mysql_real_escape_string
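In the code above, mysql_real_escape_string() runs before hash("sha1", $pass, true), so the value placed between the quotes in the query is 20 raw digest bytes that were never escaped. The block below is an added example, not code from the original post: it measures how often a raw digest contains a byte that would need escaping, and shows a hardened login check. The names has_sql_special, count_unsafe_digests and check_login are hypothetical, the passwords are constructed sample values, an in-memory SQLite database (pdo_sqlite assumed available) stands in for the MySQL users table, and password_hash()/password_verify() are swapped in for the page's SHA-1.

```php
<?php
// Bytes mysql_real_escape_string() escapes: NUL, \n, \r, \, ', " and Ctrl-Z.
const SQL_SPECIAL = "\x00\n\r\\'\"\x1a";

// True if $value holds a byte that is unsafe inside a quoted SQL string literal.
function has_sql_special(string $value): bool
{
    return strpbrk($value, SQL_SPECIAL) !== false;
}

// Hash $n constructed passwords; count digests that contain an unsafe byte.
function count_unsafe_digests(int $n, bool $raw): int
{
    $unsafe = 0;
    for ($i = 0; $i < $n; $i++) {
        $digest = hash('sha1', "constructed-password-$i", $raw);
        if (has_sql_special($digest)) {
            $unsafe++;
        }
    }
    return $unsafe;
}

// Hardened check: the user name is bound as a parameter, never interpolated,
// and the password is compared in PHP, so no digest ever reaches the SQL text.
function check_login(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT pass FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    return is_string($stored) && password_verify($password, $stored);
}

printf("raw digests needing escaping: %d of 1000\n", count_unsafe_digests(1000, true));
printf("hex digests needing escaping: %d of 1000\n", count_unsafe_digests(1000, false));

// Constructed demo data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pass TEXT)');
$ins = $db->prepare('INSERT INTO users (user, pass) VALUES (?, ?)');
$ins->execute(['alice', password_hash('constructed-secret', PASSWORD_DEFAULT)]);

var_dump(check_login($db, 'alice', 'constructed-secret'));
var_dump(check_login($db, 'alice', 'wrong-password'));
```

A hex digest contains only the characters 0-9 and a-f, so the second count is always zero; dropping the third argument to hash() removes the unescaped bytes, and the parameterised query removes the dependence on escaping order altogether.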