sql injection attacks... myth or truth?


alaios
05-18-2005, 06:27 PM
Hi.. I am trying to create some SQL queries susceptible to injection attacks in order to realize all the aspects of this hot issue.. The problem is that I am not able to create such a query.
For example, one classic login SQL script is the one below:
$sql = 'select * from Users where username="' . $_POST["username"] . '" and password_2="' . $_POST["password"] . '"';

I am trying to change it a little in order to gain access to the system..
The query has this format: select... from .. where username='username' and password='password'

If I can alter it to select... from .. where username='username' and password='password' or 1=1
so I can easily gain access to the system..
The problem is that when I enter some quotes, PHP automatically adds a \ so I cannot modify it at all. So I have started wondering if MySQL injection attacks can really work or not.
Thx a lot
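
As an added example (not part of the original thread): the login query from the post above built by concatenation, next to the same check as a prepared statement, both fed the quote-plus-or input the post describes. The prepared form does not depend on PHP adding backslashes to input. It assumes PDO with an in-memory SQLite database in place of MySQL so it runs offline; the helper names, table row and inputs are constructed for illustration.

```php
<?php
// Constructed sample data: in-memory SQLite stands in for the thread's MySQL
// database so the script runs offline. Column names follow the post's query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Users (username TEXT, password_2 TEXT)");
$db->exec("INSERT INTO Users VALUES ('alice', 'correct-horse')");

// Hypothetical helper: builds the query by concatenation, as in the post.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT * FROM Users WHERE username='" . $user .
           "' AND password_2='" . $pass . "'";
    return $db->query($sql)->fetch() !== false;
}

// Hypothetical helper: same check, but the values travel as bound parameters
// and are never parsed as SQL text.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare(
        'SELECT * FROM Users WHERE username = :u AND password_2 = :p'
    );
    $stmt->execute([':u' => $user, ':p' => $pass]);
    return $stmt->fetch() !== false;
}

// Constructed inputs; the last one has the shape the post describes.
$cases = [
    ['alice', 'correct-horse'],   // valid credentials
    ['alice', 'wrong'],           // wrong password
    ['alice', "x' or '1'='1"],    // quote ends the string literal early
];
foreach ($cases as [$u, $p]) {
    printf("%-16s concat=%-5s prepared=%s\n", $p,
        var_export(login_concat($db, $u, $p), true),
        var_export(login_prepared($db, $u, $p), true));
}
```

The two helpers agree on the first two inputs and differ only on the third, where the concatenated query's WHERE clause becomes true for every row while the bound parameter is compared as an ordinary string.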

Basscyst
05-18-2005, 08:32 PM
I don't know PHP, but it may just be that it is less susceptible due to the fact that you mentioned. In ASP you have to comment out the quote manually. Really though, IMHO it's a thing of the past. Coming across a site that it would work on this day and age is rare and if it does was probably coded by a ree-ree. :p Anyhow, I don't know that we should be talking about this here.

Basscyst

whackaxe
05-18-2005, 08:49 PM
http://www.unixwiz.net/techtips/sql-injection.html

this site has an example of an attack

AFAIK one of the myths of SQL injections in PHP is writing this in a field:

"nothing; SELECT * FROM users;"

now this would be fine if PHP had multiple query execution enabled in MySQL (which is used by most people), but it doesn't so there goes that attack.

anyway, php.net have got it covered:

http://php.mirrors.powertrip.co.za/manual/en/security.database.sql-injection.php

Tangerine Dream
05-18-2005, 10:14 PM
"So I have started wondering if mysql injection attack can really work or not."
Hi, it really can work. Check SitePoint's thread Secure your SQL queries!!! (http://www.sitepoint.com/forums/showthread.php?t=60643)

Basscyst
05-18-2005, 10:33 PM
Wow, that was actually very informative, not the prevention but the techniques the attackers ( :mad: ) use. Couple things in there I didn't know. :thumbsup: I still don't agree that it works very often nowadays, the threat however is very real.

Basscyst