mysql - how to inject sql in login process -



mysql - how to inject sql in login process -

i've received old application lacks user input sanitization , vulnerable sql injection. prove gravity of situation need give client illustration , can improve scare him login process. i've tried standard techniques problem them homecoming multiple rows , due nature of code returns error instead of logging him in. sql should inject single row returned , execution reaches "return $access" line in order pass value of "access" column code calling login function. request made via post method , magic quotes off on server. please allow me know if need other information.

function login($username, $pw) { global $dbname, $connection, $sqluser, $sqlpw; $db = mysql_connect($connection,$sqluser,$sqlpw); mysql_select_db($dbname); if(!($dba = mysql_query("select * users username = '$username' , password = '$pw'"))){ printf("%s", sprintf("internal error5 %d:%s\n", mysql_errno(), mysql_error())); exit(); } $row = mysql_fetch_array($dba); $access = $row['access']; if ($access != ''){ homecoming $access; } else { homecoming "error occured"; } mysql_close ($db); }

note: turns out magic_quotes_gpc turned on , php version 5.2.17

thanks

starting goal query:

select * users username = '' or '1'='1' , password = '' or 1=1 limit 1;#'

we username ' or '1'='1 , password ' or 1=1 limit 1;#

mysql sql-injection

Comments

Post a Comment

Popular posts from this blog

c - Compilation of a code: unkown type name string -

c - Compilation of a code: unkown type name string - i have next lines of code compiler says following: "unknown type name 'string'" both in declaration , definition of function. can tell me what's wrong? thanks. #include <stdio.h> #include <stdlib.h> #include <string.h> void frecognizeclient(string *actualclient) there no string type in c. need utilize array so: char array[10]; then can pass in function: void frecognizeclient(char *actualclient); c arrays string compilation
Read more

ubuntu - Bash Script to Check That Files Are Being Created -

ubuntu - Bash Script to Check That Files Are Being Created - we have amazon ec2 instance upload output our security cameras. every , then, cameras have issue, stop uploaded, , need rebooted. easy way determine seeing if files not beingness created. problem creates lots , lots of files. if utilize find -ctime, takes long time script run. there faster way check see if files have been created since yesterday? need capture result, (yes there files, or not there not,) , email message, nice have didn't take half hr run. #!/bin/bash find /vol/security_ftp/west -ctime -1 find /vol/security_ftp/backentrance -ctime -1 find /vol/security_ftp/boardroomdoor -ctime -1 find /vol/security_ftp/mainentrance -ctime -1 find /vol/security_ftp/north -ctime -1 find /vol/security_ftp/south -ctime -1 using find natural solution, if must avoid it, can see newest file in directory using ls , sorting output according ctime, eg. ls /vol/security_ftp/west -clt | head --lines=1 ...
Read more

Php operator `break` doesn't stop while -

Php operator `break` doesn't stop while - have weird issue, break doesn't break while loop , maintain rotating. logically should break cycle , set output while ($c++ != 5) { // here curl request, doesn't relevant have removed preg_match("!<.*?>(\s*)[^<>]*?{$to}<!", $resp, $result) ; // echo 'cnt = ' .count($result).'<br>'; if(!count($result)) { $amount = 0; echo 'sleep called'; sleep(4); exit; continue; } else { $amount = trim(@$result[1]); $amount = round($amount + $amount * $exchange_ratio, $precision); echo 'break happen<br>'; break; } } so output cnt = 2 break happen cnt = 0 sleep called so skipped break , maintain rotating. how so? edit works fine on localhost issue php version? ...
Read more