This is a dedicated watch page for a single video.
A security administrator notices that the log file of the company’s webserver contains suspicious entries: [20/Mar/2011:10:49:07] "GET /login.php?user=test'+oR+3>2%20-- HTTP/1.1" 200 9958 [20/Mar/2011:10:51:02] "GET /login.php?user=admin';%20-- HTTP/1.1" 200 9978 The administrator decides to further investigate and analyze the source code of the login.php file: php include('../../config/db_connect.php'); $user = $_GET['user']; $pass = $_GET['pass']; $sql = "SELECT * FROM USERS WHERE username = '$user' AND password = '$pass'"; $result = mysql_query($sql) or die ("couldn't execute query"); if (mysql_num_rows($result) != 0) echo 'Authentication granted!'; else echo 'Authentication failed!'; ?> Based on the source code analysis, the analyst concludes that the login.php script is vulnerable to: