Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I test my PHP MySQL injection example?

Tags:

I want to use PHP/Mysql injection with a login example, my code is below.

I have tried with a username of anything' -- and an empty password but it doesn't work and I couldn't log in.

Could anyone help me?

<?php
mysql_connect('localhost','root','root');
mysql_select_db('hp');
?>

<form action="" method="post">
<table width="50%">
    <tr>
        <td>User</td>
        <td><input type="text" name="user"></td>
    </tr>
    <tr>
        <td></td>
        <td><input type="text" name="password"></td>
    </tr>
</table>
    <input type="submit" value="OK" name="s">
</form>

<?php
if($_POST['s']){
    $user = $_POST['user'];
    $pass = $_POST['password'];     
    $re = mysql_query("select * from zend_adminlist where user_name = '$user' and password = '$pass'");

    if(mysql_num_rows($re) == 0){       
        echo '0';
    }else{
        echo '1';
    }
}
?>
like image 952
Thanh Nguyen Avatar asked Apr 02 '13 07:04

Thanh Nguyen

People also ask

How does SQL injection work with PHP?

What is PHP SQL Injection? When an attacker exploits a PHP application via an SQL Injection, they can gain access to the application's database and make the application execute unauthorized injected SQL commands to control the behavior of the application.

What is SQL injection explain methods to prevent it with example in PHP?

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

Does Mysqli prevent SQL injection?

Parameterized queries solve SQL Injection vulnerabilities. This example uses PDO to fix the vulnerability but you can still use mysqli functions to prevent SQL Injection.

What is Mysql_real_escape_string?

The real_escape_string() / mysqli_real_escape_string() function escapes special characters in a string for use in an SQL query, taking into account the current character set of the connection. This function is used to create a legal SQL string that can be used in an SQL statement.

1 Answers

One of the most common examples is this query:

' or '1'='1

If you enter this as the username and password into some unsanitized login input the query changes like so:

Original: SELECT * FROM USERS WHERE USER='' AND PASS='';
Modified: SELECT * FROM USERS WHERE USER='' or '1'='1' AND PASS='' or '1'='1';

This causes each thing its looking for to be true, as 1 will always equal 1. Problem with this method is it does not allow the selection of a particular user. Doing so you need to make it ignore the AND statement by commenting it out as seen in other examples.

like image 52
Lemon Drop Avatar answered Sep 30 '22 09:09

Lemon Drop
Sign in to Comment

Related questions

html template tag and jquery
Opinion on ASP.NET MVC Onion-based architecture [closed]
Import csv into sqlite with autoincrementing primary key
Why does statically accessing class data members via pointers returns 1?
Can I have a single Google Maps API key for all my apps without registering their package names?
Retrieve results from regexp_matches as one row
Why is the Matlab function "feval" needed?
Why does returning an int in a method that should return a short work?
nuget package manager out of sync
Big matrix to run glmnet()
Exception handling in Grails controllers
Function checking if an integer type can fit a value of possibly different (integer) type

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!