WebApp Sec mailing list archives
SQL injection
From: falcifer <falcifer2001 () yahoo es>
Date: 20 Apr 2003 12:24:14 +0000
I have the next web to evaluate a sql injection method. but when i try to perform the injection the query looks like this usuario--> ' or ''=' password--> sds select count(*) from login where usuario='\' or \'\'=\'' and clave='sds' how can i evade de slash??? ----------------------------------------------------------------------------- <form action="secret.php" method="POST" > <center>Usuario <input type="text" name="usuario"><br> Password <input type="password" name="password"><br><br> <input type="submit" value="Log In"></center> </form> <?php $mysql=mysql_connect('localhost','root',''); if($mysql) { $mysql=mysql_select_db('hackdb'); if($mysql) { $query="select count(*) from login where usuario='$usuario' and clave='$password'"; echo $query; $result=mysql_query($query); $count=mysql_result($result,0,0); if ($count) { echo 'has conseguido entrar'; } else { echo 'atentificacion fallida'; } } else { echo 'No se ha podido seleccionar la base de datos'; exit; } } else { echo 'No se puede conectar a la base de datos'; exit; } ?> -- falcifer <falcifer2001 () yahoo es>
Current thread:
- SQL injection falcifer (Apr 20)
- Re: SQL injection Juan Carlos Reyes Muñoz (Apr 20)
- <Possible follow-ups>
- RE: SQL injection Calderon, Juan C (CORP, DDEMESIS) (Apr 21)