The most common web security risk.
When a user is able to manipulate the value given to page as username or password, query formed can leak the info.
Example-
[font=monospace]$con = mysqli_connect("localhost", "sql1", "sql1", "sql1");[/font]
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($con, $query);
if (mysqli_num_rows($result) > 0)
[font=monospace]echo "<h1>Logged in!</h1>";[/font]
Here if $username = ' or '0'='0
and $password = ' or '0'='0
then query becomes "SELECT * FROM users WHERE username='' or '0'='0' AND password='' or '0'='0' "
Hence every row comes out as output.
Please share new ways for performing it.
Also post queries related to it
When a user is able to manipulate the value given to page as username or password, query formed can leak the info.
Example-
[font=monospace]$con = mysqli_connect("localhost", "sql1", "sql1", "sql1");[/font]
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($con, $query);
if (mysqli_num_rows($result) > 0)
[font=monospace]echo "<h1>Logged in!</h1>";[/font]
Here if $username = ' or '0'='0
and $password = ' or '0'='0
then query becomes "SELECT * FROM users WHERE username='' or '0'='0' AND password='' or '0'='0' "
Hence every row comes out as output.
Please share new ways for performing it.
Also post queries related to it
Thanks to Post4Vps