User Profile VULNERABLE
Vulnerability: the ?user_id= parameter is used directly in the SELECT query and in the orders JOIN query.
Profile query:
SELECT * FROM users WHERE id = 1
User Data
| ID | 1 |
|---|---|
| Username | admin |
| Password | admin123 |
| Email | admin@lab.local |
| Role | admin |
Orders query:
SELECT o.*, p.name as product_name FROM orders o JOIN products p ON o.product_id = p.id WHERE o.user_id = 1
Order History
| Order ID | Product | Qty | Total | Date |
|---|---|---|---|---|
| 1 | Laptop Dell XPS 15 | 1 | Rp 18.500.000 | 2026-05-27 15:23:22 |