Pantek Library

SQL injection

From: falcifer <falcifer2001(at)yahoo.es>
Date: Sun Apr 20 2003 - 08:24:14 EDT


I have the following web page to evaluate a SQL injection method, but when I try to perform the injection the query looks like this:

usuario--> ' or ''='
password--> sds

select count(*) from login where usuario='\' or \'\'=\'' and clave='sds'

How can I evade the slash???



<form action="secret.php" method="POST" >

<center>Usuario <input type="text" name="usuario"><br>

        Password <input type="password" name="password"><br>

        <input type="submit"></center>

</form>
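<?php
        // Test page: $usuario and $password are assumed to be filled in from
        // the POST fields of the form above (register_globals behaviour).
        $mysql=mysql_connect('localhost','root','');
        if($mysql)
        {
                $mysql=mysql_select_db('hackdb');
                if($mysql)
                {
                        // The query is built by string interpolation of the
                        // form values and echoed so it can be inspected.
                        $query="select count(*) from login where usuario='$usuario' and clave='$password'";
                        echo $query;
                        $result=mysql_query($query);
                        // First column of the first row: the number of matching logins.
                        $count=mysql_result($result,0,0);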
                        if ($count)
                        {
                                echo 'has conseguido entrar';
                        }
                        else
                        {
                                echo 'atentificacion fallida';
                        }
                }
                else
                {
                        echo 'No se ha podido seleccionar la base de datos';
                        exit;
                }
        }
        else
        {
                echo 'No se puede conectar a la base de datos';
                exit;
        }

?>
-- 
falcifer 
Received on Sun Apr 20 11:28:25 2003
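
The following is an added example, not part of the original post or the poster's code. It shows that the backslashes in the echoed query match what PHP's addslashes() produces (the escaping that magic_quotes_gpc applied to request data; that this setting is the cause here is an assumption, the post does not say), and how the same login check looks with bound parameters. The table and column names follow the post; the in-memory SQLite database, the stored row and the function name login_count are constructed for the demonstration.

```php
<?php
// Added example. Table and column names follow the post; the stored row,
// the in-memory SQLite database and login_count() are constructed here.

// The values typed into the form fields in the post.
$usuario  = "' or ''='";
$password = 'sds';

// 1. Where the backslashes come from: addslashes() escapes each single quote,
//    which gives the usuario value seen in the query echoed in the post.
$escaped = addslashes($usuario);
echo "escaped usuario: $escaped\n";

// 2. The same check written with bound parameters instead of string building.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (usuario TEXT, clave TEXT)');
// Constructed sample row. A real table would store a password hash
// (password_hash / password_verify), not the clear-text value.
$db->prepare('INSERT INTO login (usuario, clave) VALUES (?, ?)')
   ->execute(['admin', 'secreto']);

function login_count(PDO $db, string $usuario, string $clave): int
{
    // Placeholders keep the values out of the SQL text entirely, so quotes
    // in the input are compared as data and never parsed as SQL.
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM login WHERE usuario = ? AND clave = ?'
    );
    $stmt->execute([$usuario, $clave]);
    return (int) $stmt->fetchColumn();
}

// The quote-laden input is treated as a literal user name: no row matches.
printf("posted input: %d\n", login_count($db, $usuario, $password));
// A correct user name and password still match exactly one row.
printf("valid login:  %d\n", login_count($db, 'admin', 'secreto'));
```

With bound parameters the result does not depend on whether any quote escaping is switched on, which is why escaping settings should not be relied on as the defence.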

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:50 EDT

