🛒 sekumartdeals so good it should be illegal
USD EUR GBP 🏴 0/6 🛒 cart (0) login
security level: low medium high impossible

Source: login (security level: low)

Flip the security level in the header to compare the vulnerable and fixed code paths.

<?php // LOW: username concatenated raw -> classic auth bypass (e.g. username: admin'-- )
$q "SELECT id,uname FROM users WHERE uname='$u' AND pass='".md5($p)."'";
$res=@mysqli_query(db(),$q); $ok=false$loginname=$u;
if(
$res && $row=mysqli_fetch_assoc($res)){ $ok=true$loginname=$row['uname']; }