SQL injection - Post4VPS Forum, Scripting & Programming (https://post4vps.com/Thread-SQL-injection)
SQL injection - thispc - 06-03-2016

The most common web security risk. When a user is able to manipulate the value given to the page as username or password, the query formed can leak the info. Example:

PHP Code:
$con = mysqli_connect("localhost", "sql1", "sql1", "sql1");
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($con, $query);
if (mysqli_num_rows($result) > 0)
    echo "<h1>Logged in!</h1>";

Here, if $username = ' or '0'='0 and $password = ' or '0'='0, then the query becomes

SELECT * FROM users WHERE username='' or '0'='0' AND password='' or '0'='0'

Hence every row comes out as output. Please share new ways of performing it. Also post queries related to it.

RE: SQL injection - Rishabh Jain - 06-04-2016

Hello @thispc, I have to tell you that by this example and this type of thread you are actually attracting geeks to use this kind of knowledge for malicious purposes and possibly buy trouble for themselves, which we are not in favor of. For general fact, SQL injections are fairly negligible at the current point of technology, especially with the use of prepared statements. I would rather appreciate you talking about the security enhancement for the above illustration. For most other attacks, all you need to do is pass the query through an escaping function like mysql_real_escape_string() in PHP, and best is to use PDO/prepared statements.

Best Regards

RE: SQL injection - RickB - 06-06-2016

PDO!! You should use it like this:

PHP Code:
<?php

Although it should work, I have not tested it.
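As an added illustration (not code from any poster in this thread), the login query from the first post modelled in Python, with sqlite3 standing in for MySQL and two constructed rows: the string-built query beside a parameterized one, both fed the thread's ' or '0'='0 payload.

```python
import sqlite3

# Constructed sample rows standing in for the thread's `users` table.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return con


def login_vulnerable(con, username, password):
    # Same shape as the PHP above: user input spliced into the SQL text.
    query = (f"SELECT * FROM users WHERE username='{username}' "
             f"AND password='{password}'")
    return con.execute(query).fetchall()


def login_parameterized(con, username, password):
    # Placeholders: the driver sends values separately from the SQL, so
    # quotes and OR clauses inside them are compared as data, never parsed.
    query = "SELECT * FROM users WHERE username=? AND password=?"
    return con.execute(query, (username, password)).fetchall()


def demo():
    con = make_db()
    payload = "' or '0'='0"
    return {
        "vuln_payload": len(login_vulnerable(con, payload, payload)),
        "param_payload": len(login_parameterized(con, payload, payload)),
        "vuln_valid": len(login_vulnerable(con, "alice", "s3cret")),
        "param_valid": len(login_parameterized(con, "alice", "s3cret")),
    }


if __name__ == "__main__":
    # prints {'vuln_payload': 2, 'param_payload': 0, 'vuln_valid': 1, 'param_valid': 1}
    print(demo())
```

The vulnerable path returns every row for the payload (the "logged in" branch fires with no valid credentials), while the bound version returns none and still accepts the real credentials.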
RE: SQL injection - thispc - 06-07-2016

(06-04-2016, 04:59 PM)Rishabh Jain Wrote: Hello @thispc, I have to tell you that by this example and this type of thread you are actually attracting geeks to use this kind of knowledge for malicious purposes and possibly buy trouble for themselves, which we are not in favor of.

Sir, I totally get it... I just want this thread to be a precautionary measure, if anyone uses PHP to connect to a database. And as you say, this basic example which I provided can be avoided through the mysql_real_escape_string() function. But there are dozens of other security vulnerabilities in SQL/PHP that can be of help to everyone for "security enhancements". For example, even if we use this escape function, LIKE %% or _ can be used to guess the password length or the characters inside it, "if used carelessly".

(06-06-2016, 08:50 PM)RickB Wrote: PDO!!

The colon acts as a bind variable, although I don't understand how it will work.

RE: SQL injection - Rishabh Jain - 06-08-2016

(06-07-2016, 10:44 PM)thispc Wrote: Sir, I totally get it... I just want this thread to be a precautionary measure, if anyone uses PHP to connect to a database.

Yes, I agree there are countless vulnerabilities, and the best way to defend known to me is to prepare the queries before executing them.

Using the PHP MySQLi extension:

PHP Code:
$servername = "localhost";

Using the PDO extension:

PHP Code:
$servername = "localhost";

Examples are from W3Schools.

RE: SQL injection - thispc - 06-08-2016

(06-08-2016, 04:53 AM)Rishabh Jain Wrote: Yes, I agree there are countless vulnerabilities, and the best way to defend known to me is to prepare the queries before executing them.

Didn't know about PDO before... It first stores and later executes..... Thanks for sharing it. I guess now it will be 100% secure from SQL injection????

RE: SQL injection - Rishabh Jain - 06-08-2016

(06-08-2016, 05:50 AM)thispc Wrote: Didn't know about PDO before... It first stores and later executes..... Thanks for sharing it.

Theoretically yes, the queries should be foolproof against SQL injection. But practically NO, they aren't: they are good against 1st order attacks, but on the 2nd level they are almost as good as nothing. Following is the Stack Overflow post for more info: Click here to find more about it

RE: SQL injection - Vuluts - 10-04-2016

Is there a way of preventing or blocking a SQL injection?

RE: SQL injection - xdude - 10-05-2016

There are so many things that can be done to prevent SQL injections. Things like minimizing DB access, encrypting data, normalizing inputs, etc. But I haven't seen this type of problem for a long time. Last time it was at GoDaddy, when their whole server network got compromised with a SQL injection attack.

RE: SQL injection - humanpuff69 - 06-05-2017

The best way is to use the newest version of MySQL. I used to be defacing websites and I found out that all the websites that I was able to inject were only MySQL 5.1 or lower, and the newest version of MySQL currently is 5.7. It is actually just the same thing as preventing WannaCry: you need to update your software really often. Even though you don't need it, it always comes with the security patch that will prevent that sort of thing.
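An added example, not written by any poster here, covering two points raised in the thread: thispc's note that LIKE wildcards (% and _) survive both escaping and parameter binding, and Rishabh Jain's point that prepared statements only protect the query they are used in, so a safely stored value concatenated into a later query is injected after all. sqlite3 stands in for MySQL and the rows are constructed.

```python
import sqlite3

# Constructed sample rows standing in for the thread's `users` table.
USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("ali_b", "pw")]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return con


def escape_like(term, esc="\\"):
    # Neutralise LIKE metacharacters; only meaningful with an ESCAPE clause.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def find_users_naive(con, term):
    # Binding stops quote-based injection but not wildcards: a term of "%"
    # still matches every row, and "_" probes one character at a time.
    rows = con.execute("SELECT username FROM users WHERE username LIKE ?",
                       (term,)).fetchall()
    return sorted(r[0] for r in rows)


def find_users_safe(con, term):
    # Escaped term plus ESCAPE clause: % and _ in the input are literal.
    rows = con.execute(
        "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\'",
        (escape_like(term),)).fetchall()
    return sorted(r[0] for r in rows)


def second_order(con, stored_name):
    # The INSERT is parameterised, so the hostile name is stored intact...
    con.execute("INSERT INTO users VALUES (?, ?)", (stored_name, "x"))
    name = con.execute("SELECT username FROM users WHERE password='x'"
                       ).fetchone()[0]
    # ...and a later query that trusts the stored value is injected after
    # all. Binding it again (safe) is the only query shape that holds.
    unsafe = con.execute(f"SELECT * FROM users WHERE username='{name}'")
    safe = con.execute("SELECT * FROM users WHERE username=?", (name,))
    return len(unsafe.fetchall()), len(safe.fetchall())
```

With a pattern of "%" the naive search returns all three constructed users while the escaped search returns none; storing the name x' or '1'='1 and re-querying gives four rows on the concatenated path and one on the bound path.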