Why can I not perform SQL injection on this vulnerable script?
could you please tell me why my SQL-Injection isn't working and how can I fix it. I tried to go after the example from Here, but value'); DROP TABLE table;-- or password 1=1 doesn' work. Im sorry to steal your time with these easy things, but I tried it many times and I didn't get it running and the other post didn't help me.
<?php
$connection = mysqli_connect('localhost', 'root','' ,'DB') or die(mysqli_error());
mysqli_select_db($connection ,'DB')or die(mysqli_error());
@$unsafe_variable = $_POST['vorname'];
mysqli_query($connection, "INSERT INTO `Persons` (`Vorname`) VALUES ('$unsafe_variable')");
Making sql injection vulnerable code (for testing purposes):
In order to test SQL Injection with your code we need to make some few changes:
<?php
$connection = mysqli_connect('localhost', 'root','' ,'DB') or
die(mysqli_error($connection)); //1
mysqli_select_db($connection ,'DB') or die(mysqli_error($connection)); //2
$unsafe_variable = $_POST['vorname'];
mysqli_multi_query($connection, //3
"INSERT INTO `Persons` (`Vorname`) VALUES ('$unsafe_variable')");
?>
- //1 and //2:
mysqli_errorneeds $connection parameter. - //3: Only
mysqli_multi_queryis able to execute more than one sentence at a time. For security reasons.mysqli_queryjust executes one to prevent sql injection.
Testing:
It's the time to test sql injection. We create a simple table t to check if we can drop it through sql injection:
create table t ( i int );
Time to attack, the killer string to inject sql is:
pepe'); DROP TABLE t;--
SQL with injected code:
"INSERT INTO Persons (Vorname) VALUES ('pepe'); DROP TABLE t;--')"
Explained:
- SQL pattern is:
"INSERT INTO Persons (Vorname) VALUES ('$unsafe_variable')" - "pepe');" replaces
$unsafe_variable:"INSERT INTO Persons (Vorname) VALUES ('pepe'); DROP TABLE t;--')" - Remember -- means "comments from here", then the last quote and parenthesis is a comment.
After post this value to form:
mysql> select * from t;
ERROR 1146 (42S02): Table 's.t' doesn't exist
How to avoid SQL Injection?
Man, this is Internet, they are a lot of papers about it. Start your searching with Parameterized Queries.
- What Does :!: Mean?
- PHP: Is it possible to create a SplFileObject object from file contents (string)?
- PHP Laravel Check if Array is empty
- PHP / Apache / Node / Puppeteer - Error: Failed to launch the browser process
- WooCommerce how to display "you save X%" on checkout page
- Update custom order item meta in WooCommerce
- Is Laravel-admin 1.8.19 not compatible with laravel 11.8.0? [Your requirements could not be resolved to an installable set of packages.]
- PHP XAMPP Config
- How to import Wikipedia XML dump into MongoDB?
- Possible bug with PHP PDO and with PostgreSQL
- Split string on dots unless the dot is inside double quotes
- How to Dynamically Populate Schema in WordPress Using XPath Variables?
- /pusher/auth endpoint returning 404 in Laravel
- php .env with Docker
- Add 1 to variable inside of an echo expression
- Show values from a MySQL database table inside a HTML table on a webpage
- Get all alphanumeric words with length of either 4 or 12 characters
- Replace the trailing digits of a URI with corresponding slug text
- Wrap <b> tags around substrings matching a regular expression
- Match urls with a specific signature
- UTF-8 all the way through
- Get words delimited by "#$"
- How do you delete one part in the plaintext I scraped from the site?
- PHP Scrape HTML Between <pre> tags
- How to extract content or scrape data sets from website source page
- Create joined string by looping through key value array
- how to re-migrate a laravel migration after deleting the table
- Validate user input string only contains letters, numbers, and underscores
- How escape characters in a variable to be used in a regex pattern?
- How to make preg_match() match more than once?