@phith0n
Last active April 25, 2021 10:07
SQL injection in the update field key.
<?php
// Demo: a PDO prepared statement that is still injectable. Only $value is
// bound as a parameter; the column name ($key) is concatenated into the SQL
// text, and PDO cannot bind identifiers.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (id int, username string, password string);");
$db->exec("INSERT INTO user VALUES(1, 'admin', 'admin');");
$db->exec("INSERT INTO user VALUES(2, 'demo', 'demo');");

// Expected request shape: field[column]=value, e.g. ?field[username]=foo
$summary = $_REQUEST['field'] ?? [];
if (!is_array($summary)) {
    $summary = [];
}
$bind_vals = [];
$assignments = [];
foreach ($summary as $key => $value) {
    if (!empty($value)) {
        $bind_vals[':' . $key] = $value;
        // $key is user-controlled and enters the SQL text unquoted.
        $assignments[] = $key . ' = :' . $key;
    }
}
$bind_vals[':id'] = 2;
// SET clauses must be comma-separated (the original concatenated them without a separator).
$sql = "update user set " . implode(', ', $assignments) . " where id = :id";
var_dump($sql);
$stmt = $db->prepare($sql);
var_dump($bind_vals);
$r = $stmt->execute($bind_vals);
var_dump($r);
// Uncomment to inspect the admin row (id = 1) after the update.
// $res = $db->query("SELECT * FROM user WHERE id = 1");
// var_dump($res->fetchAll());
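A hardened version of the same update, added here as an example and not part of phith0n's gist: because PDO can bind values but not identifiers, each column name is checked against a fixed allow-list (assumed here to be username and password) before it is placed in the SQL, and the request inputs are constructed stand-ins for $_REQUEST['field'].

```php
<?php
// Columns a client may update. Assumed for this example.
const UPDATABLE_COLUMNS = ['username', 'password'];

// Builds "UPDATE user SET ... WHERE id = :id" and fills $bind_vals.
// Any key that is not exactly an allowed column name is refused,
// whatever it contains, so nothing user-controlled reaches the SQL text.
function buildUpdate(array $fields, int $id, array &$bind_vals): string
{
    $assignments = [];
    $bind_vals = [];
    foreach ($fields as $key => $value) {
        if (!in_array($key, UPDATABLE_COLUMNS, true)) {
            throw new InvalidArgumentException("column not updatable: " . $key);
        }
        if ($value === null || $value === '') {
            continue;
        }
        $assignments[] = $key . ' = :' . $key;   // $key is now a known identifier
        $bind_vals[':' . $key] = $value;          // values are still bound
    }
    if ($assignments === []) {
        throw new InvalidArgumentException("nothing to update");
    }
    $bind_vals[':id'] = $id;
    return 'UPDATE user SET ' . implode(', ', $assignments) . ' WHERE id = :id';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (id int, username string, password string);");
$db->exec("INSERT INTO user VALUES(1, 'admin', 'admin');");
$db->exec("INSERT INTO user VALUES(2, 'demo', 'demo');");

// Constructed inputs standing in for $_REQUEST['field'].
$good = ['password' => 'new-demo-secret'];
$bad  = ['is_admin' => '1'];   // not in the allow-list: rejected before any SQL is built

foreach ([$good, $bad] as $fields) {
    try {
        $sql = buildUpdate($fields, 2, $bind_vals);
        $db->prepare($sql)->execute($bind_vals);
        echo "ok: $sql\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: " . $e->getMessage() . "\n";
    }
}
// The admin row is untouched; only id = 2 can ever be affected by this code path.
var_dump($db->query("SELECT * FROM user")->fetchAll(PDO::FETCH_ASSOC));
```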