...

View Full Version : Sql Injection Vulnerabilty Script



Arnack
04-29-2006, 10:40 PM
Does anyone have a full login/form script of a vulnerable SQL Injection login? If so, please post!
-Arnack

cdwhalley.com
04-29-2006, 11:40 PM
If you want a log-in script that is vulnerable to SQL attacks:


$input_username = $_POST['username'];//get the inputted username
$input_password = $_POST['password'];//get the inputted password

$query = "SELECT password FROM users WHERE username='$input_username'";//get the password from the username entered

$result = mysql_query($query);

if (mysql_num_rows($result) > 0) {//if username exists
$row = mysql_fetch_array($result);//put the query result into an array
$db_password = $row['password'];//assign password to a variable

if ($db_password == $input_password) {
//log in
} else {
//incorrect password
}

} else {
//incorrect username
}


You could put the password in the form as "password;update users set permission='all' where id='287';" or something...

chump2877
04-29-2006, 11:46 PM
Look at the example of a mysql injection attack on this page: http://us2.php.net/manual/en/function.mysql-real-escape-string.php

GJay
04-30-2006, 09:10 AM
You could put the password in the form as "password;update users set permission='all' where id='287';" or something...

No you couldn't, mysql_query can only execute a single query.

cdwhalley.com
04-30-2006, 11:29 AM
Quite right.
You can see that I've never tried hacking...
But the vulnerability is still there



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum