new_hack8912 wrote:
theoderic wrote:
Yeah! I learned that SQL injection into PHP websites (only PHP?)
is a great method to find different types of information from weak spots.
SQL clients are not only used on PHP sites; they can be used with pretty much anything, e.g. ASP, Perl, etc.
The SQL injection itself can only be used when a user inputs data (GET or POST) and the data is put through a MySQL query.
So for example if you had a page like this:
http://www.example.com/page.php?id=3
This may be exploitable because 1. id is an integer and the SQL server will process this (unlike if it was page.php?id=news) 2. And it is a GET variable which the user may change.
So the PHP code would look something like this:
<?php
mysql_connect("example.com","username","password");
mysql_select_db("example database");
//those two lines are connecting to the SQL server and then selecting the database
$page = $_GET['id'];
//getting the id that was submitted in the url
$row = mysql_query("SELECT information FROM sometable WHERE id='$page'");
//Taking the $page value from the table 'sometable' and storing the info in $row
$echo = mysql_fetch_array($row);
//storing the array that we just created from $row into $echo
echo $echo['information'];
//printing out the information on the page
?>
However, this could be exploitable if the user inputted a ' because it would allow the user to then enter his own query, thereby compromising the security of the site. The user could add/delete tables, rows, columns; view information in the rows; and even (if he has root on SQL) use load_file("/etc/passwd") to compromise the entire server.
I recommend people having trouble on this challenge to download XAMPP, which is Windows software (if you have Linux, you should know what you're doing) and then follow
http://www.tizag.com/mysqlTutorial/. That's how I learned the basics.
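
A hardened form of the lookup in the post above, as an added example that is not part of the original post: it validates id as an integer and passes it to the database through a PDO prepared statement instead of building the query string from user input. The in-memory SQLite database, the sample rows and the function name fetch_information are assumptions made so the script runs offline.

```php
<?php
// Added example (not from the original post).
// Assumption: an in-memory SQLite database stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE sometable (id INTEGER PRIMARY KEY, information TEXT)");
$pdo->exec("INSERT INTO sometable (id, information) VALUES (3, 'Page three'), (4, 'Page four')");

// Hypothetical helper: returns the stored text for a page id, or null.
function fetch_information(PDO $pdo, $rawId): ?string
{
    // Layer 1: accept only a positive integer; anything else is rejected
    // before it gets near the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Layer 2: the SQL text is fixed; the value is bound as a typed
    // parameter, so it can never be parsed as part of the statement.
    $stmt = $pdo->prepare('SELECT information FROM sometable WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['information'];
}

// Constructed inputs standing in for $_GET['id']: a valid id, an id with a
// trailing quote, a non-numeric value, and a missing parameter.
foreach (['3', "3'", 'news', null] as $input) {
    $info = fetch_information($pdo, $input);
    // Layer 3: encode on output so stored text is not interpreted as HTML.
    echo var_export($input, true), ' => ',
        $info === null ? 'not found' : htmlspecialchars($info, ENT_QUOTES, 'UTF-8'),
        PHP_EOL;
}
```

Against MySQL only the PDO connection string changes; the validation and the bound parameter stay the same.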