WebApp Sec mailing list archives
Re: SQL injection
From: Juan Carlos Reyes Muñoz <jcreyes () 007mundo com>
Date: Sun, 20 Apr 2003 14:28:47 -0500
are you sending the injection code through a web-based box? may be you can try looking for the form variables and send the injection coe through the URL box of your browser....
falcifer wrote:
I have the next web to evaluate a sql injection method. but when i try to perform the injection the query looks like this usuario--> ' or ''=' password--> sds select count(*) from login where usuario='\' or \'\'=\'' and clave='sds' how can i evade de slash??? ----------------------------------------------------------------------------- <form action="secret.php" method="POST" > <center>Usuario <input type="text" name="usuario"><br> Password <input type="password" name="password"><br><br> <input type="submit" value="Log In"></center> </form> <?php $mysql=mysql_connect('localhost','root',''); if($mysql) { $mysql=mysql_select_db('hackdb'); if($mysql) { $query="select count(*) from login where usuario='$usuario' and clave='$password'"; echo $query; $result=mysql_query($query); $count=mysql_result($result,0,0); if ($count) { echo 'has conseguido entrar'; } else { echo 'atentificacion fallida'; } } else { echo 'No se ha podido seleccionar la base de datos'; exit; } } else { echo 'No se puede conectar a la base de datos'; exit; } ?>
Current thread:
- SQL injection falcifer (Apr 20)
- Re: SQL injection Juan Carlos Reyes Muñoz (Apr 20)
- <Possible follow-ups>
- RE: SQL injection Calderon, Juan C (CORP, DDEMESIS) (Apr 21)