PHP
Andrey R, 2017-07-19 13:43:52

How to show that the site is not safe?

In general, the site is written in pure PHP, with queries like:

function login($email,$password)
  {
    $mysqli=$this->dbconnect();
    $email=mysqli_real_escape_string($mysqli,$email);
    $password=sha1($password);
    $login_sql="select * from `u_clients` where email='$email' and password='$password'";
    $login_result=mysqli_query($mysqli,$login_sql) or die(mysqli_error($mysqli));
    $rows=array();
    while($row=mysqli_fetch_array($login_result,MYSQLI_ASSOC))
    {
      $rows[]=$row;
    }
    mysqli_close($mysqli);
    return $rows;
  }

I want to explain that this is not safe and that the site needs to be redone. But this needs to be proven to the client. How can I do that?
Perhaps you know how to do an SQL injection.
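
A hardened counterpart of the `login()` method above, as an added example that is not part of the original post or the site's code: it binds the e-mail as a prepared-statement parameter instead of interpolating it, replaces unsalted `sha1()` with `password_verify()`, and logs database errors instead of printing them through `die(mysqli_error())`. The `id` column, the `password` column holding `password_hash()` output, and passing the connection in as `$db` are assumptions.

```php
<?php
// Added example, not the site's code. Assumptions: u_clients has an `id` column,
// `password` holds password_hash() output (existing sha1 values must be migrated),
// and the caller supplies an open mysqli connection.

// Make mysqli throw exceptions instead of relying on "or die(mysqli_error())".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function login(mysqli $db, string $email, string $password): ?array
{
    try {
        // The value is bound as a parameter and sent separately from the SQL
        // text, so correctness does not depend on escaping or connection charset.
        $stmt = $db->prepare(
            'SELECT id, email, password FROM `u_clients` WHERE email = ? LIMIT 1'
        );
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $stmt->bind_result($id, $dbEmail, $hash);
        $found = ($stmt->fetch() === true);
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        // Database details go to the server log, never into the HTTP response.
        error_log('login query failed: ' . $e->getMessage());
        return null;
    }

    // password_verify() reads the salt and cost from the stored hash and
    // compares in constant time; unsalted sha1() offers neither.
    if (!$found || !password_verify($password, $hash)) {
        return null; // same result for unknown e-mail and wrong password
    }

    // Return only what the caller needs; the hash never leaves this function.
    return ['id' => $id, 'email' => $dbEmail];
}
```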


3 answer(s)
Nazar Mokrinsky, 2017-07-19
@nazarpc

If you do not understand where the security problems are, then how will you remake it into a more secure one?

Yuri Chudnovsky, 2017-07-19
@Frankenstine

https://www.google.com.ua/search?q=%D0%BA%D0%B0%D0...

Ilya Beloborodov, 2017-07-19
@kowap

Insert a quote in the field, submit it, and show the error.
