0

I am using MacOSx and apache sever on XAMPP

Here is the link to my file - http://localhost:8080/logi/index.php and if I write sqlmap -u http://localhost:8080/logi/index.php?id=1 This error appear: [CRITICAL] all tested parameters do not appear to be injectable.

I want to check my login form for vulnerabilities but I don't understand which parameters I should write, which id or maybe I have to use --data?

Here is my code:

<?php
SESSION_START();
require ('connect.php');
//This is the validation for the login
if(isset($_POST['login'])){
    $sql="SELECT * FROM members WHERE email=? AND password=?";
    $ss=mysqli_prepare($connect,$sql);
    $ss->bind_param("ss",$eu,$pe);
    $eu=$_POST['email'];
    $pe=$_POST['password'];
    $ss->execute();

    if(!empty($eu) && !empty($pe) && $ss->fetch()>0){
        $_SESSION['email']=$_POST['email'];
        header('Location:welcome.php');
    }

    if(empty($eu)){
        $eerr="Did you forget your email?";
    }elseif(empty($pe)){
        $pwerr="Password required";
    }elseif($ss->fetch()!==1){
        $eerr="That account do not exist";
    }


}

//This is the validation for registration
if(isset($_POST['register'])){
    $sql="SELECT * FROM members WHERE email=?";
    $sss=mysqli_prepare($connect,$sql);
    $sss->bind_param("s",$e);
    $e=$_POST['remail'];
    $pw=$_POST['rpassword'];
    $sss->execute();

    if(!empty($e) && !empty($pw) && $sss->fetch()<1 && filter_var($e, FILTER_VALIDATE_EMAIL)){
        $sql="INSERT INTO members (email,password)VALUES(?,?)";
        $sss=mysqli_prepare($connect,$sql);
        $sss->bind_param("s",$e);
        $pq=$_POST['rpassword'];
        $sss->execute();
        echo"You have signed up!";
    }

    if(empty($e)){
        $emailerr="Please provide your email adress!";
    }elseif(empty($pw)){
        $passworderr="Choose a password";
    }elseif($sss->fetch()>0){
        $emailerr="That account exist";
    }elseif(!filter_var($e, FILTER_VALIDATE_EMAIL)){
        $emailerr="Invalid email";
    }


}


?>
<!DOCTYPE html>
<html>
<head>
<title>Login and Registration</title>
<style>
span{
    color:red;
}
</style>
</head>
<body>
Login
<form action="" method="POST">
<input type="text" name="email" placeholder="Email"/><span><?php echo $eerr;?><span><br>
<input type="password" name="password" placeholder="Password"/><span><?php echo $pwerr;?></span><br>
<input type="submit" name="login" value="Login"/>
</form>
<br><br>
Register
<form action="" method="POST">
<input type="text" name="remail" placeholder="Email"><span>*<?php echo $emailerr;?></span><br>
<input type="password" name="rpassword" placeholder="Password"><span>*<?php echo $passworderr;?><span><br>
<input type="submit" name="register" value="Register"/>
</form>
</body>
</html
Timon S
  • 26
  • 4

0 Answers0