Submission Details
Severity:
Improper Input Validation
Summary
User inputs are not adequately validated, potentially leading to injection attacks.
Vulnerability Details
Affected Code Sections: src/controllers/userController.js (lines 23-25)
Details: Unsantized user input in database queries vulnerable to SQL injection.
Code Snippet:
const username = req.body.username;
const password = req.body.password;
const query = `SELECT * FROM users WHERE username = '${username}' AND password = '${password}'`;
Impact
Data breaches or unauthorized access.
Tools Used
Recommendations
Implement input validation/sanitization (e.g., using express-validator).
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
69929 USDC / LOC
19,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.