Skip to content

Instantly share code, notes, and snippets.

@scimad

scimad/index.php

Last active January 31, 2021 16:48
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save scimad/02fba63f409637795b76ffea4be6e90f to your computer and use it in GitHub Desktop.
Save scimad/02fba63f409637795b76ffea4be6e90f to your computer and use it in GitHub Desktop.
Download ZIP
Simplest example to demonstrate the idea of SQL Injection
Raw
index.php
<?php
?>
<h3>Sample login system</h3>
Input <b>admin' OR 1#</b> to in the username field to perform sql injection
<form method = "POST" action = "landing.php">
<label for="username">Username:</label><br>
<input type="text" id="username" name="username"><br>
<label for="password">Password:</label><br>
<input type="password" id="password" name="password">
<input type="submit">
</form>
<?php
Raw
landing.php
<?php
$servername = "localhost";
$username = "sql_user_eg_root";
$password = "password_for_sql_user";
$dbname = "sqlinject";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// $user = 'admin';
// $sql = "SELECT username FROM users";
$user = $_POST["username"];
$sql = "SELECT * FROM users WHERE `username` = '$user'";
// echo $sql."<br>";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
echo "<H2>Username found in database</H2>";
while($row = $result->fetch_assoc()) {
echo "Username: <b>" . $row["username"]. "</b> lives in <b>".$row["hometown"]."</b> and your password is <b>".$row["password"]."</b><br>";
}
} else {
echo "User Not Authorized";
}
$conn->close();
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment