Can someone inject malicious SQL into my SQL query?

I built a simple chat with MySQL. It has a table called users and two columns: id and username. I use the following query to extract username and ID by ID.

Is there a way someone can inject malicious SQL, and how?

LIMIT is used to only allow 1 result to come out.

$query = 'SELECT id, username FROM users WHERE id=' . $id . ' LIMIT 1';

Author: harabatahat
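
The query from the question next to a validated, parameterized form, as an added example that is not the poster's code; both are run against the `AND 1=1` style of boolean test that a scanner reports elsewhere on this page. Assumptions: in-memory SQLite stands in for MySQL so the script runs offline, and the function names and table rows are constructed for illustration.

```php
<?php
// Added example (not the poster's code). Assumptions: in-memory SQLite stands in
// for MySQL, and the rows and function names are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO users (id, username) VALUES (1, 'alice'), (2, 'bob')");

// As in the question: $id is pasted into the SQL text, so it is parsed as SQL.
function lookupConcatenated(PDO $pdo, string $id): array
{
    $query = 'SELECT id, username FROM users WHERE id=' . $id . ' LIMIT 1';
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: accept only an integer, then bind it as data, never as SQL text.
function lookupPrepared(PDO $pdo, string $id): array
{
    $validated = filter_var($id, FILTER_VALIDATE_INT);
    if ($validated === false) {
        return []; // not an integer: reject before any query is built
    }
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', $validated, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a plain id, then the same id with a true and a false
// boolean clause appended. Differing row counts mean the clause was executed.
$inputs = ['2', '2 AND 1=1', '2 AND 1=2'];
foreach ($inputs as $id) {
    printf(
        "%-12s concatenated=%d row(s)  prepared=%d row(s)\n",
        "'" . $id . "'",
        count(lookupConcatenated($pdo, $id)),
        count(lookupPrepared($pdo, $id))
    );
}
```

If the concatenated lookup returns a different number of rows for the two boolean inputs, the input reached the SQL parser, and `LIMIT 1` does nothing to prevent that. The prepared lookup rejects both inputs before a query is built.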

How to determine possible SQL injection vulnerability?

I ran the OWASP SQL injection scanner tool on a website’s sign-in page I formerly operated and two vulnerable parameters displayed. The first parameter was “returnURL” and the second one was “isLogin” showing POST DATA: IsLogin=true AND 1=1 —

What does this mean and how do I exploit this for testing purposes and ultimately fix the potential error? Should I use a Kali tool such as MySQL or do you have other suggestions?

Author: thenewcoder

Easy way to bypass password on my computer

I was not able to formulate a question so maybe this was already solved, and if that’s the case, sorry.
But I found a huge vulnerability on my computer. It’s a portable computer with a Win10/Ubuntu 20.04 dual boot.
When I’m logged in and I lock my session, this sends me to the login screen, okay. But then, if I do Ctrl+Alt+F3 to go to the terminal mode, and then do Ctrl+Alt+F7 to leave terminal mode, this simply unlocks my session!
It doesn’t work at computer start though; the session must be started and locked.
Note that when I close my computer this doesn’t lock my session even if it’s activated in the settings.
This is a critical vulnerability but it doesn’t work at all on my friend’s computer, which is also a Win10/Ubuntu 20 dual boot.
I don’t know why this happens to me. Any idea how to solve this?

Thanks for your time

Author: Double Vé


This does not seem to be normal behavior from what I’ve experienced, as far as I can remember. I know before I was fond of having my Linux desktop auto-login on startup. I think I also opted to have it log in automatically after sleep/suspend. Perhaps the switch to a different TTY/console constitutes the same behavior. This looks a lot like buggy behavior to me.

I would go so far as to document how to replicate it, and report it as a bug. Call the attention of the developers so this can be looked into and fixed if necessary.