Baljeet
Member
- Jan 31, 2011
SQL injection is injecting SQL through a GET or POST parameter from a script into the SQL query. For example:
member.php?id=6
The code for SQL may be
Code:
$id = $_GET['id']; // raw user input, no validation: this is the vulnerable case
$row = mysql_query("select * from `members` where id=$id"); // double quotes so $id is actually interpolated
This would allow the attacker to execute a UNION SELECT statement. This would look like:
member.php?id=' UNION SELECT concat(username,char(58),password) FROM members
A possible output would be:
Affix:d8b9bb5e644429268d274cf03c6d6e06
All you would need to do is crack the hash.
So how exactly do you stop this attack?
It's simple. There are many methods of protecting against SQL injection. I use two. These are the ones I'm going to teach you.
If it's a simple numerical ID, such as the example above, just add a value check. In the above code it would look like below.
Code:
$id = $_GET['id'];
if (!is_numeric($id)) { die("GTFO MY SERVER NOOB"); } // the function is is_numeric(), not isnumeric()
$row = mysql_query("select * from `members` where id=$id");
Now if I tried to execute my UNION statement I would get an error:
GTFO MY SERVER NOOB
Now what if you are using a string, such as a search? A UNION would be used the same way.
In this case I would use 'mysql_real_escape_string'.
This would look like:
Code:
$id = mysql_real_escape_string($_GET['id']);
$row = mysql_query("select * from `members` where username='$id'"); // escaping only works when the value sits inside quotes
This string is now properly escaped and will not allow successful execution of SQL injection.
--------
Any Questions E-Mail : Affix[@]FedoraProject.org
All credit goes to the one who really made this...
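The post's two defenses (a numeric check on the id, escaping on strings) written as an added example in Python with an in-memory SQLite table standing in for the `members` table. This is not the post's code: the `members` rows are constructed (the "Affix" hash is the value quoted above), the query placeholders take the place of `mysql_real_escape_string`, and the integer check is stricter than PHP's `is_numeric`, which also accepts floats, exponents and leading whitespace.

```python
import re
import sqlite3

# Constructed rows standing in for the forum's `members` table
SAMPLE_ROWS = [
    (6, "Affix", "d8b9bb5e644429268d274cf03c6d6e06"),
    (7, "alice", "00000000000000000000000000000000"),
]

# The UNION payload quoted in the post; here it is only ever rejected input
UNION_PAYLOAD = "' UNION SELECT concat(username,char(58),password) FROM members"


class BadMemberId(ValueError):
    """Raised when the id parameter is not a plain decimal integer."""


def build_db():
    """Create the constructed in-memory members table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO members VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def parse_member_id(raw):
    """Strict form of the post's value check: only 1-18 ASCII digits pass.
    Unlike is_numeric() this rejects '6.0', ' 6', '1e3' and '0x6'."""
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,18}", raw):
        raise BadMemberId(f"rejected id parameter: {raw!r}")
    return int(raw)


def lookup_member(conn, raw_id):
    """member.php?id=... done safely: validate, then bind the value as a parameter."""
    member_id = parse_member_id(raw_id)
    row = conn.execute(
        "SELECT username FROM members WHERE id = ?", (member_id,)
    ).fetchone()
    return row[0] if row else None


def search_members(conn, term):
    """String search: the term is bound as a parameter, so it can never become SQL.
    LIKE wildcards in the user's term are escaped so '%' means a literal percent."""
    pattern = "%" + term.replace("%", r"\%").replace("_", r"\_") + "%"
    rows = conn.execute(
        "SELECT username FROM members WHERE username LIKE ? ESCAPE '\\'", (pattern,)
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    print(lookup_member(db, "6"))            # Affix
    print(search_members(db, UNION_PAYLOAD)) # [] : treated as a literal string
    try:
        lookup_member(db, UNION_PAYLOAD)
    except BadMemberId as exc:
        print("blocked:", exc)
```

Parameter binding is what `mysql_real_escape_string` was approximating: the database driver sends the value separately from the SQL text, so the quoting problem shown in the post's last snippet (an escaped value is only safe inside quotes) does not arise at all.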