Created
January 18, 2020 17:05
-
-
Save mamiwinsfall93/af9b28c8e9ea64ee1587b0bfc50a1ebf to your computer and use it in GitHub Desktop.
php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
if(isset($_POST['submit'])){ | |
$name = $_POST['name']; | |
// user input that uses SQL Injection | |
$name_bad = $_POST['name']; | |
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'"; | |
// display what the new query will look like, with injection | |
echo "<span style='color:red'>Injection: " . $query_bad."<br>"; | |
echo "The injection attack has actually made our query behave differently than we intended. By using a single quote (') they have ended the string part of our MySQL query<br> | |
username = ' '<br> | |
and then added on to our WHERE statement with an OR clause of 1 (always true).<br> | |
username = ' ' OR 1</span><br><br>"; | |
} | |
?> | |
<form method="post"> | |
<label>Please Insert 'OR 1' (with single quotes as it is i.e. 'OR 1') </label><br> | |
<input type="text" name="name"><br> | |
<input type="submit" name="submit" value="submit"> | |
</form> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment