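<html>
<head>
<title>MySQL Database</title>
</head>
<body>
<?php
// SQL injection teaching page.
//
// Examples One to Four build SQL by string concatenation ON PURPOSE, to show
// what an injectable query looks like. Everything around them (connection
// handling, error handling, HTML output) is written defensively, and each
// example carries a comment describing the parameterized form that closes it.

/**
 * Read a setting from the environment, falling back to the lab default.
 *
 * @param string $name    Environment variable name.
 * @param string $default Value used when the variable is not set.
 * @return string
 */
function lab_env($name, $default)
{
    $value = getenv($name);
    return ($value === false) ? $default : $value;
}

/**
 * Escape a value for output in an HTML text context.
 *
 * Rows come from the database and the "input" strings are attacker-shaped,
 * so nothing is echoed into the page without going through this.
 *
 * @param mixed $value
 * @return string
 */
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Run one statement and return its result set.
 *
 * Depending on the configured mysqli report mode a failing query either
 * throws mysqli_sql_exception or returns false; both are mapped to null here
 * so callers never dereference a non-result. Error details go to the log,
 * not to the page.
 *
 * @param mysqli $conn
 * @param string $sql
 * @return mysqli_result|null Null when the statement failed or produced no result set.
 */
function run_query($conn, $sql)
{
    try {
        $result = $conn->query($sql);
    } catch (mysqli_sql_exception $e) {
        error_log('Query failed: ' . $e->getMessage());
        return null;
    }
    if ($result === false) {
        error_log('Query failed: ' . $conn->error);
        return null;
    }
    return ($result instanceof mysqli_result) ? $result : null;
}

/**
 * Print id, name and email for every row of a result set, HTML-escaped.
 *
 * @param mysqli_result $result
 * @return void
 */
function print_rows($result)
{
    while ($row = $result->fetch_assoc()) {
        echo "id: " . h($row["id"]) . " - name: " . h($row["name"]) . " - email: " . h($row["email"]) . "<br>";
    }
}

// root/root are local lab defaults only. Injected SQL runs with the
// privileges of this account, so outside a throwaway lab it should be a
// dedicated user restricted to SELECT on this schema.
$dbUser = lab_env('SQLI_LAB_DB_USER', 'root');
$dbPassword = lab_env('SQLI_LAB_DB_PASSWORD', 'root');
$db = 'sql_injection';
$host = 'localhost';
$port = 8889;

// Create connection. $port was declared but never passed in the original.
try {
    $conn = new mysqli($host, $dbUser, $dbPassword, $db, $port);
} catch (mysqli_sql_exception $e) {
    error_log('Connection failed: ' . $e->getMessage());
    $conn = null;
}

// Check connection: stop here instead of calling query() on a dead handle.
if ($conn === null || $conn->connect_error) {
    if ($conn !== null) {
        error_log('Connection failed: ' . $conn->connect_error);
    }
    die("Connection failed.</body></html>");
}
?>
<h1>SQL INJECTION</h1>
<h2>Database User</h2>
<?php
// SHOWING ALL THE RESULTS FROM DB USER
// The password column is never displayed, so it is not selected.
$sql = "SELECT id, name, email FROM USER";
$result = run_query($conn, $sql);
if ($result !== null && $result->num_rows > 0) {
    // output data of each row
    print_rows($result);
} else {
    echo "0 results";
}
?>
<h2>Examples</h2>
<H3>Example One</H3>
<?php
// CODE BELOW IS ABOUT SQL INJECTION
// Numeric context: the value is appended with no quoting and no type check,
// so the appended text becomes part of the WHERE clause.
// Fix: validate the id as an integer and bind it, e.g.
//   $stmt = $conn->prepare("SELECT id, name, email FROM User WHERE id = ?");
//   $stmt->bind_param("i", $id);
$sql_injection = "SELECT * FROM User WHERE id = 1000";
// examples
$example_one = " or 1=1";
// tests -> only change the number of example
$sql_injection_test = $sql_injection . $example_one;
$result = run_query($conn, $sql_injection_test);
echo "SQL used: " . h($sql_injection_test) . "<br><br>";
echo "Input: " . h($example_one) . "<br><br>";
if ($result !== null && $result->num_rows > 0) {
    echo "The attack was successful!" . "<br><br>";
    echo "Answer: The SQL above is valid. It will return all rows from the table User, since WHERE 1=1 is always true!" . "<br><br>";
    // output data of each row
    print_rows($result);
} else {
    echo "The attack was not successful!" . "<br><br>";
}
?>
<H3>Example Two</H3>
<?php
// CODE BELOW IS ABOUT SQL INJECTION
// AND binds tighter than OR, so the trailing "or 1=1" makes the whole WHERE
// clause true regardless of the email/password comparison before it.
// Comparing the password inside SQL also implies it is stored in plaintext;
// a real login fetches the row by email and checks it with password_verify()
// against a password_hash() value.
$sql_injection = "SELECT * FROM User WHERE email = 'bobo@email.com' and password = '1234'";
// examples
$example_two = " or 1=1";
// tests -> only change the number of example
$sql_injection_test = $sql_injection . $example_two;
$result = run_query($conn, $sql_injection_test);
echo "SQL used: " . h($sql_injection_test) . "<br><br>";
echo "Input: " . h($example_two) . "<br><br>";
if ($result !== null && $result->num_rows > 0) {
    echo "The attack was successful!" . "<br><br>";
    echo "Answer: The SQL above is valid. It will return all rows from the table User, since WHERE 1=1 is always true!" . "<br><br>";
    // output data of each row
    print_rows($result);
} else {
    echo "The attack was not successful!" . "<br><br>";
}
?>
<H3>Example Three</H3>
<?php
// CODE BELOW IS ABOUT SQL INJECTION
// String context: the quote inside the input closes the literal early.
// Fix: bind both values so they are sent as data, never as SQL text, e.g.
//   $stmt = $conn->prepare("SELECT id, name, email FROM User WHERE email = ? AND password = ?");
//   $stmt->bind_param("ss", $user, $password);
// With bound parameters this input is compared as one literal string and
// matches no row.
// examples
$user = "1";
$password = "1' or '1'='1";
$sql_injection = "SELECT * FROM User WHERE email = '" . $user . "' and password = '" . $password . "'";
$result = run_query($conn, $sql_injection);
echo "SQL used: " . h($sql_injection) . "<br><br>";
echo "Input user: " . h($user) . "<br>";
echo "Input password: " . h($password) . "<br><br>";
if ($result !== null && $result->num_rows > 0) {
    echo "The attack was successful!" . "<br><br>";
    echo "Answer:";
    // output data of each row
    print_rows($result);
} else {
    echo "The attack was not successful!" . "<br><br>";
}
?>
<H3>Example Four</H3>
<?php
// CODE BELOW IS ABOUT SQL INJECTION
// Stacked statement. mysqli::query() sends exactly one statement per call,
// so the server rejects the text after ';' as a syntax error and the second
// statement never runs. That is a property of this API call, not a fix: the
// same concatenation still accepts the "or 1=1" input from Example One, and
// concatenated input must never reach multi_query().
// examples
$id = "1; DROP TABLE User1";
$sql_injection = "SELECT * FROM User WHERE id=" . $id;
$result = run_query($conn, $sql_injection);
echo "SQL used: " . h($sql_injection) . "<br><br>";
echo "Input id: " . h($id) . "<br>";
if ($result === null) {
    echo "The attack was not successful!" . "<br><br>";
    echo "Answer: The query failed. mysqli::query() accepts one statement per call, so the text after ';' is a syntax error instead of a second statement." . "<br><br>";
} else {
    echo "The attack was successful!" . "<br><br>";
    print_rows($result);
}
?>
<?php
// closing the connection
// phpinfo() stays disabled: it would expose the environment and configuration.
$conn->close();
?>
</body>
</html>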