WebApp Sec mailing list archives

SQL injection


From: falcifer <falcifer2001 () yahoo es>
Date: 20 Apr 2003 12:24:14 +0000

I have the following web page to evaluate a SQL injection method,
but when I try to perform the injection the query looks like this:

usuario--> ' or ''='
password-->  sds


select count(*) from login where usuario='\' or \'\'=\'' and clave='sds'

How can I evade the slash???

-----------------------------------------------------------------------------
<form action="secret.php" method="POST" >
        <center>Usuario <input type="text" name="usuario"><br>
        Password <input type="password" name="password"><br><br>
        <input type="submit" value="Log In"></center>
</form>
<?php
        $mysql=mysql_connect('localhost','root','');
        if($mysql)
        {
                $mysql=mysql_select_db('hackdb');
                if($mysql)
                {
                        $query="select count(*) from login where usuario='$usuario' and clave='$password'";
                        echo $query;
                        $result=mysql_query($query);
                        $count=mysql_result($result,0,0);
                        if ($count)
                        {
                                echo 'has conseguido entrar';
                        }
                        else
                        {
                                echo 'atentificacion fallida';
                        }
                }
                else
                {
                        echo 'No se ha podido seleccionar la base de datos';
                        exit;
                }
        }
        else
        {
                echo 'No se puede conectar a la base de datos';
                exit;
        }
?>
-- 
falcifer <falcifer2001 () yahoo es>
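
Added example, not part of the original post: the login check from the page above, with the string-built query next to a parameterized one. The backslashes in the echoed query are consistent with PHP's magic_quotes_gpc setting (an assumption, the post does not show the configuration); quote escaping of that kind is not a dependable control, while a bound parameter never becomes SQL syntax. The function names, the PDO in-memory SQLite database and the sample row are constructed for the example; table and column names follow the post.

```php
<?php
// Added example (not code from the original post).
// Assumptions: PDO with the SQLite driver, a constructed sample row,
// hypothetical function names build_query_concat() and login_ok().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE login (usuario TEXT PRIMARY KEY, clave TEXT NOT NULL)");
$db->prepare("INSERT INTO login (usuario, clave) VALUES (?, ?)")
   ->execute(['alice', 'correct horse']);

// String-built query as in the post. addslashes() reproduces the quote
// escaping visible in the echoed query; the input is still spliced into
// the SQL text, so safety depends entirely on that escaping being complete.
// This string is only printed here, never executed.
function build_query_concat(string $usuario, string $password): string
{
    return "select count(*) from login where usuario='" . addslashes($usuario)
         . "' and clave='" . addslashes($password) . "'";
}

// Parameterized form: the statement text is fixed and the values are sent
// as bound data, so quotes in the input cannot change the query structure.
// The password is compared directly, as in the post; storing a password
// hash instead of the clear text is a separate fix.
function login_ok(PDO $db, string $usuario, string $password): bool
{
    $stmt = $db->prepare(
        "select count(*) from login where usuario = :usuario and clave = :clave"
    );
    $stmt->execute([':usuario' => $usuario, ':clave' => $password]);
    return (int) $stmt->fetchColumn() === 1;
}

// Constructed test inputs.
$cases = [
    ['alice', 'correct horse'],   // valid credentials
    ['alice', 'sds'],             // wrong password
    ["' or ''='", 'sds'],         // the input from the post
];
foreach ($cases as [$u, $p]) {
    echo build_query_concat($u, $p), "\n";
    echo '  parameterized login_ok: ', var_export(login_ok($db, $u, $p), true), "\n";
}
```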

