
SQL injection is not working correctly

I'm trying to perform an SQL injection on a dummy website created on my localhost for a security testing project.

I tried to enter the string " OR "=' into the username and password fields so it should bypass it and display Login Correct, but instead it displays Login Failed.

Any help to understand why SQL injection is not working?

<?php
    mysql_connect('localhost', 'root', '');
    mysql_select_db('test');

    if(isset($_POST['username'])&&isset($_POST['password'])){
       $username =$_POST['username'];
       $password = $_POST['password'];
       echo $username;
       echo $password;

       if(!empty($username)&&!empty($password)){
          $query ="SELECT id FROM users WHERE username = '$username' AND password = '$password'";
          $query_run = mysql_query($query);

          if(mysql_num_rows($query_run)>=1){
              echo 'Login Correct';
          }else{
              echo 'Login Failed';
          }
       }
    }
?>
<form action="test.php" method="POST">
   Username: <input type="text" name="username">
   Password: <input type="text" name="password">
   <input type="submit" value="Submit">
</form>
Hashey100 asked Jan 06 '13 14:01


People also ask

What is SQL injection and why is it a problem?

SQL injection is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input.

What is SQL injection error?

SQL Injection (SQLi) is a type of an injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures.

What are the solutions for injection attacks?

How to prevent SQL injection attacks. Avoid placing user-provided input directly into SQL statements. Prefer prepared statements and parameterized queries, which are much safer. Stored procedures are also usually safer than dynamic SQL.


2 Answers

Your injection string should be like this:
Username and password:

' or '1' = '1

Username (often) or password (it depends on which one comes first in the query):
# comments out the rest of the query.

' or '1'='1' #

For more information about SQL injection, you can check out this perfect url:
The SQL Injection Knowledge Base

Siamak Motlagh answered Oct 22 '22 16:10


Try injecting this: ' or '1' = '1' --

'1' = '1' is always true and -- says everything after the -- is a comment and won't be checked.

P1nGu1n answered Oct 22 '22 18:10
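
The login check from the question next to a hardened form, as an added example that is not code from the question or either answer. It assumes PDO with an in-memory SQLite database standing in for the MySQL `test` database; the row `alice` / `s3cret`, the `password_hash` column and both function names are hypothetical.

```php
<?php
// Constructed test data; SQLite in memory stands in for the page's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password, password_hash) VALUES (?, ?, ?)');
$ins->execute(['alice', 's3cret', password_hash('s3cret', PASSWORD_DEFAULT)]);

// The question's pattern: request input is concatenated into the SQL text,
// so a quote character in the input changes the structure of the WHERE clause.
function loginConcatenated(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT id FROM users WHERE username = '$username' AND password = '$password'";
    return count($db->query($sql)->fetchAll()) >= 1;
}

// Hardened form: the SQL text is fixed, the username is bound as data,
// and the password is compared against a stored hash outside the query.
function loginPrepared(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Inputs: a real login, a wrong password, and the string from the first answer.
$inputs = [
    'valid credentials' => ['alice', 's3cret'],
    'wrong password'    => ['alice', 'nope'],
    "answer's string"   => ["' or '1' = '1", "' or '1' = '1"],
];

foreach ($inputs as $label => [$u, $p]) {
    printf("%-18s concatenated=%s prepared=%s\n", $label,
        var_export(loginConcatenated($db, $u, $p), true),
        var_export(loginPrepared($db, $u, $p), true));
}
```

With the prepared statement the quote characters never reach the SQL parser as syntax, so the third input is just a username that matches no row.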