SQL Injection Example

In this article I will demonstrate how easy is to break admin password in poorly scripted web application and get all tests for your school or college

First of all, we need to find vulnerable target (more info on http://unixwiz.net/techtips/sql-injection.html).



Now lets assume that Administrators username is Administrator.
In password field we enter x' OR 'x'='x

What we have done here is SQL query manipulation, instead of just entering password we made another positive statement (1=1,x=x etc.) with OR condition.
That resulted in positive query and the doors are opened.



Note that this can be prevented by numerous PHP functions such as htmlentities,preg_replace,mysql_real_escape_string,htmlspecialchars etc.

Filtered input would probably result in "xORxx" which I doubt is the correct password



This vulnerability is reported to the administrator.

// Blog

• PHP unicode_decode (5.3)
• PHP Simple HTML DOM & cURL
• jQuery Matrix Effect
• Did You Mean API
• PHP Clickatell Class
• Cube to Sphere Panorama
• PHP jQuery Update
• PHP Transliteration Lat<->Cyr
• PHP Numeronym Generator
• jQuery Image Replace w/ Preload
• PHP Mobile Browser Detection
• PHP Output Image 2 Browser (base64)
• PHP Facebook Share
• jQuery Menu
• Dynamic Subdomains htaccess
• Random Sentence Spinning Function
• PHP Block Bots From China
• PHP Browser Detection Function
• PHP nl2br & pre
• PHP Simple CAPTCHA
• PHP YouTube Embed Function
• PHP MySQL Injection Escape Function
• PHP QR Code Function
• ViaMichelin PHP Class
• PHP Alexa Rank
• PHP W3C Validator
• PHP SEO URL Function
• PHP Domain Checker
• Posao.ba Session Hijacking
• PHP Domain Checker .BA
• PHP Simple Poll Script
• PHP UTF-8 Convert Case
• PHP DoS Script
• PHP MySQL Online Script
• SQL Injection Example
• Mobile HTML Template
• PHP Random String Generator
• PHP Geo IP Locator
• PHP jQuery Autocomplete
• PHP CU3ER XML Configuration
• PHP MySQL Count Function
• PHP Simple YouTube Gallery
• PHP Calculate Percentage
• PHP Remove VAT
• PHP Lotto Number Generator
• PHP Image Crop
• PHP Parameters ( GET, POST, COOKIE )
• PHP Search Engine Optimized URL
• PHP Google Keywords
• Random Sentence Spinning
• jQuery Dropdown Menu
• PHP W3C Validation
• htaccess www