Findings
In the listbox below, you will see the 5 findings for this scan request.
(Vulnerability) Secret in URL
./web-app/login.php:9 Password ''$password'' found in URL inside 'SELECT * FROM users WHERE username='$username' AND password='$password''.
./web-app/login.php:9(Vulnerability) Secret in URL
./web-app/login.php:9 Password ''$password'' found in URL inside 'SELECT * FROM users WHERE username='$username' AND password='$password''.
./web-app/login.php:9(Message) Scan Request Complete
Finished scanning, we have 4 findings.
(Warning) SQL Queries
SQL query and a user controlled variable are concaternated. That does not sound good but is no direct indication of a vulnerability as the variable could be filtered or checked.
./web-app/login.php:9(Warning) SQL Queries
SQL query-like string literal 'SELECT * FROM users WHERE username='$username' AND password='$password'' contains '$', which could mean variable concaternation.
./web-app/login.php:9