Security vulnerability

[SakiiR]

Hey, there is a security vulnerability in your project that gave me the possiblity to execute code on the hosted server.

The fact that you are allowing file upload on your server is good. But, you should protect your form by retricting the file extension. I could use this to upload a php file and execute code on the server.

PS: in db.php there is also a SQL Injection :)

$qresult = $link->query("SELECT * FROM login WHERE username='$username'");

I thing you may document yourself about IT Security before publishing code on internet. It can cause you a lot more troubles

[isaychris]

Hi SakiiR, I appreciate you taking the time to look through my code. I didn't expect anyone to look at my past projects lol. Security is something I still have to learn. Thanks for the heads up.

…

On Sat, May 5, 2018, 5:47 PM SakiiR ***@***.***> wrote: Hey, there is a security vulnerability in your project that gave me the possiblity to execute code on the hosted server. The fact that you are allowing file upload on your server is good. But, you should protect your form by retricting the file extension. I could use this to upload a php file and execute code on the server. PS: in db.php there is also a SQL Injection :) $qresult = $link->query("SELECT * FROM login WHERE username='$username'"); — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#1>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AP6lLEmJUZfNn9t6SUxo1mL_pxdNa45Oks5tvkg-gaJpZM4Tz2Nn> .

[hasali-coder]

Hello, i am interested in the proje and i downloaded it but seems to be no SQL file for the database connection,