Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Nov 2005
    Posts
    58
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Sql Injection Vulnerabilty Script

    Does anyone have a full login/form script of a vulnerable SQL Injection login? If so, please post!
    -Arnack

  • #2
    New Coder
    Join Date
    Apr 2006
    Location
    UK
    Posts
    50
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If you want a log-in script that is vulnerable to SQL attacks:
    PHP Code:
    $input_username $_POST['username'];//get the inputted username
    $input_password $_POST['password'];//get the inputted password

    $query "SELECT password FROM users WHERE username='$input_username'";//get the password from the username entered

    $result mysql_query($query);

    if (
    mysql_num_rows($result) > 0) {//if username exists
        
    $row mysql_fetch_array($result);//put the query result into an array
        
    $db_password $row['password'];//assign password to a variable
        
        
    if ($db_password == $input_password) {
            
    //log in
        
    } else {
            
    //incorrect password
        
    }

    } else {
        
    //incorrect username

    You could put the password in the form as "password;update users set permission='all' where id='287';" or something...

  • #3
    Senior Coder chump2877's Avatar
    Join Date
    Dec 2004
    Location
    the U.S. of freakin' A.
    Posts
    2,845
    Thanks
    21
    Thanked 157 Times in 148 Posts
    Look at the example of a mysql injection attack on this page: http://us2.php.net/manual/en/functio...ape-string.php
    Regards, R.J.

    ---------------------------------------------------------

    Help spread the word! Like my YouTube-to-Mp3 Conversion Script on Facebook !! :-)
    [Related videos and tutorials are also available at my YouTube channel and on Dailymotion]
    Get free updates about new software version releases, features, and bug fixes!
    ♪♪ …Need Web Hosting For My YouTube-To-Mp3 Conversion Software? Check Here !!… ♪♪

  • #4
    Senior Coder
    Join Date
    Sep 2005
    Posts
    1,791
    Thanks
    5
    Thanked 36 Times in 35 Posts
    You could put the password in the form as "password;update users set permission='all' where id='287';" or something...
    No you couldn't, mysql_query can only execute a single query.

  • #5
    New Coder
    Join Date
    Apr 2006
    Location
    UK
    Posts
    50
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quite right.
    You can see that I've never tried hacking...
    But the vulnerability is still there


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •