Basic SQL Injection Exploit with PHP

Posted on Posted in Information Security

Here is an example of a basic login function which is taught in a lot of PHP tutorials. The purpose of this code is to prevent someone from viewing a web page unless they provide a valid username/password in a form. The username/password is stored in a MySQL database.

$username = $_POST["username"];
$password = $_POST["password"];$query = "SELECT * FROM users WHERE Username = '" . $username . "' AND Password = '" . $password . "'";
$result = mysql_query($query);
$validated = false;
while ($rs = mysql_fetch_array($result))
{ $validated = true; }

If a programmer does not do any input validation and uses the very basic username/password authentication example shown above, the following SQL code placed in the “password” field of a web application using code like this will usually give you access to the protected area:

foo' OR 'a'='a

The presence of this vulnerability in the code may allow a malicious
person to execute other SQL commands such as editing or deleting the
data in your database.

Shadow of hand over keybaord

Leave a Reply

Your email address will not be published. Required fields are marked *