+ 3
What is sql injection and how can i use this.
4 ответов
+ 5
If your code looks something like this:
mysql_query('UPDATE users SET first_name="' . $_POST['first_name'] . '" WHERE id=1001');
you would expect the generated SQL to be:
UPDATE users set first_name="Liz" WHERE id=1001;
But if your malicious user types their first name as:
Liz", last_name="Lemon"; --
the generated SQL then becomes:
UPDATE users SET first_name="Liz", last_name="Lemon"; --" WHERE id=1001;
Now all of your users are named Liz Lemon, and that’s just not cool.
+ 1
Go to YouTube. Look for Tom Scott SQL Injection. His explanations are succinct and he's super sexy.
+ 1
you can inject some sql codes on an unsecured input form or get method that has a relation with mysql_query()
e.g:
php?id=1
mysql_query('select name from namds where id=1')
i use order by + a random number to get number of collumns
then union select + number of columns as 1,2,3...
after finding vuln column u can inject something like
php?id=union select 1,password,3 from admin
or bruteforcing tables data and columns with havij or sqlmap