 |
| Hacking tricks |
MySql Hacking tricks and tips
Try it:
username / email = ' or ''='
password = ' or ''='
In this multipart tutorial I will show you few basic and advanced hacking tricks. Hacking tricks Part-2.
username / email = ' or ''='
password = ' or ''='
In this multipart tutorial I will show you few basic and advanced hacking tricks. Hacking tricks Part-2.
Look example below:
<?php
$con = mysql_connect("localhost", "peter", "abc123");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$sql = "SELECT * FROM users
WHERE user='{$_POST['user']}'
AND password='{$_POST['pwd']}'";
mysql_query($sql);
// We didn't check username and password.
// Could be anything the user wanted! Example:
$_POST['user'] = 'john';
$_POST['pwd'] = "' OR ''='";
// some code
mysql_close($con);
?>
The SQL sent would be:
SELECT * FROM users WHERE user='john' AND password='' OR ''=''
This means that anyone could log in without a valid password!
Solution (hacking tricks):
The correct way to do it to prevent database attack:
The correct way to do it to prevent database attack:
<?phpI will make a little more description about hacking tricks on part-2.
function check_input($value)
{
// Stripslashes
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// Quote if not a number
if (!is_numeric($value))
{
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
$con = mysql_connect("localhost", "peter", "abc123");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
// Make a safe SQL
$user = check_input($_POST['user']);
$pwd = check_input($_POST['pwd']);
$sql = "SELECT * FROM users WHERE
user=$user AND password=$pwd";
mysql_query($sql);
mysql_close($con);
?>
No comments:
Post a Comment