Are you familiar with SQL injection? If not, this post is for you. Many web developers are unaware that not every SQL query can be treated as a trusted command. Yes, you read that right. SQL injection can easily destroy your database.
Basically, when input validation is lacking in code that connects to the database and creates a user or superuser, an attacker can easily create such a user or superuser through SQL injection.
So what is it?
What is SQL Injection
SQL injection is a technique where a user or attacker inserts their own SQL commands into the application's SQL queries via a web page form. Injection usually occurs in a web page form, such as the login form of an admin panel. There you need to know a username and password to log in, and instead of a username or password, the attacker supplies an SQL command, which is then run on your database.
SQL Injection Example
Below are two queries: one for a normal user and one for an attacker trying SQL injection on a login form. You will also see the result after each snippet runs.
Normal user
<?php
$name = "John"; // A normal user's name
$query = "SELECT * FROM userdetails WHERE username = '$name'";
echo "Normal User: " . $query;
?>
Displayed query for the normal user
Normal User: SELECT * FROM userdetails WHERE username = 'John'
The normal user's query is a simple one, just like those we have learned: it checks for “username=John” in the userdetails table and gets that user's details.
Attacker
<?php
$attacker = "' OR 1'"; // input SQL Injection
$query_for_attacker = "SELECT * FROM userdetails WHERE username = '$attacker'";
echo "SQL Injection: " . $query_for_attacker;
?>
Displayed query for the attacker
SQL Injection: SELECT * FROM userdetails WHERE username = '' OR 1''
The attacker's input is ' OR 1'. The first single quote (') ends the string in the MySQL query, leaving username = ' ', and the rest adds an OR clause of 1, which is always true.
So now username = ' ' OR 1
And this OR 1 is true for every row in the table, so the attacker can easily log in to the admin panel.
An attacker can also give input like
<?php
$attacker = "Smith OR 1=1"; // input SQL Injection
$query_for_attacker = "SELECT * FROM userdetails WHERE username = '$attacker'";
echo "SQL Injection: " . $query_for_attacker;
?>
Displayed query for the attacker
SQL Injection: SELECT * FROM userdetails WHERE username = 'Smith OR 1=1'
In SQL injection, the condition 1=1 is always true.
The condition ""="" is also always true.
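The snippets above build the query by pasting input into the SQL text. As an added example (not code from the original post), the following puts that pattern beside a prepared statement that binds the same inputs as values. It assumes PHP with the pdo_sqlite extension; the in-memory SQLite table, its rows, and the function names buildConcatenatedQuery and findUser are constructed for illustration.

```php
<?php
// Added example, not from the original post. Assumption: an in-memory SQLite
// database stands in for the MySQL userdetails table so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE userdetails (id INTEGER PRIMARY KEY, username TEXT)");
$db->exec("INSERT INTO userdetails (username) VALUES ('John'), ('Smith')"); // constructed rows

// The post's pattern: the input becomes part of the SQL text itself.
// (hypothetical helper name; it only builds the string, it does not run it)
function buildConcatenatedQuery(string $name): string
{
    return "SELECT * FROM userdetails WHERE username = '$name'";
}

// Hardened form: the SQL text is fixed and the input is bound as a value,
// so quotes and keywords inside it are never parsed as SQL.
// (hypothetical helper name)
function findUser(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT id, username FROM userdetails WHERE username = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Inputs taken from the post.
$inputs = ["John", "' OR 1'", "Smith OR 1=1"];
foreach ($inputs as $input) {
    $rows = findUser($db, $input);
    echo "Input:        " . $input . PHP_EOL;
    echo "Concatenated: " . buildConcatenatedQuery($input) . PHP_EOL;
    echo "Bound param:  " . count($rows) . " row(s) matched" . PHP_EOL . PHP_EOL;
}
```

With the bound parameter, only an input that is exactly a stored username matches a row; the other two inputs are compared as literal strings. The same prepare and execute calls work against MySQL through PDO's mysql driver.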