
Thread: Sql Injection

  1. #1
    SitePoint Wizard
    Join Date
    Jul 2006
    Location
    New Zealand
    Posts
    1,300
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Sql Injection

    I need some people to help me test my login form

    located here

    If you can test it for me I'll be grateful, thanks

  2. #2
    SitePoint Wizard
    Join Date
    Jul 2006
    Location
    New Zealand
    Posts
    1,300
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Has anyone tested and posted back and found a way into my site I have made using SQL injections?

  3. #3
    WebAmoeba mythix's Avatar
    Join Date
    Aug 2002
    Location
    here
    Posts
    578
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Might be easier if you post the code...
    Laws are like sausages. You have much more respect for them if you haven't actually seen how they're made.

    http://www.webamoeba.co.uk

  4. #4
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Nobody is going to try to hack that site for you. We don't even know if it belongs to you, which means we don't have permission.

  5. #5
    SitePoint Wizard
    Join Date
    Jul 2006
    Location
    New Zealand
    Posts
    1,300
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here's my login code

    PHP Code:
    <?php
    session_start();
    include("dbconnect.php");   // expected to create the mysqli connection $con

    $msg_pass = "";
    $msg_user = "";

    if ($_POST['username'] && $_POST['password'])
    {
        // Escape the submitted values before they are spliced into the query string
        $username = mysqli_real_escape_string($con, stripslashes(trim($_POST['username'])));
        $password = mysqli_real_escape_string($con, stripslashes(trim($_POST['password'])));

        //$username = $mysqli->real_escape_string($username);
        //$password = $mysqli->real_escape_string($password);
        //$username=mysqli_real_escape_string($con,$username);
        //$password=mysqli_real_escape_string($con,$password);

        $cQuery = "SELECT * FROM members WHERE username='".$username."'";
        //$cQuery="SELECT * FROM members WHERE username='".mysqli_real_escape_string(stripslashes(trim($_POST['username'])))."'";

        echo $cQuery;   // debug output: prints the full query to the page
        $rs = mysqli_query($con, $cQuery);
        if (!$rs)
        {
            echo "Unable to execute the query:".mysqli_error($con);
        }
        else
        {
            $count = mysqli_num_rows($rs);
            if ($count > 0)
            {
                $data = mysqli_fetch_assoc($rs);
                // Note: this is an assignment (=), not a comparison (==)
                if ($data['password'] = $password)
                {
                    $_SESSION['user'] = $_POST['username'];
                    include("consoleincludes/console.inc.php");
                }
                else
                {
                    $msg_pass = "Wrong Password,Please Try again<br>\n";
                    include("includes/attemptloginfailed.inc.php");
                }
            }
            else
            {
                $msg_user = "Wrong Username,Please Try again<br>\n";
                include("includes/attemptloginfailed.inc.php");
            }
        }

        if (!$_SESSION['user'])
        {
            include("includes/header.inc.php"); ?>
            <fieldset>
            <legend><font color="#FFFFFF">Please Login</font></legend>
            <form name="login" method="post" action="">
            <?php echo ($msg_user) ? "<br/>".$msg_user."<br/>" : ""; ?>
            <font color="#FFFFFF">Username:</font><input type="text" name="username" maxlength="14"/><br/>
            <?php echo ($msg_pass) ? "<br/>".$msg_pass."<br/>" : ""; ?>
            <font color="#FFFFFF">Password:</font><input type="password" name="password" maxlength="12"/><br/>
            <input type="submit" name="login" value="login"/>
            </form></fieldset><?php
        }
    }
    ?>
    Are there any exploits in my code above?

  6. #6
    SitePoint Zealot
    Join Date
    Dec 2005
    Posts
    101
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I tried a few things such as trying to escape the string then using an OR statement to make it true, but that's the extent of my knowledge. Looking at your code quickly, it looks fairly secure, however I'm not the best judge of that.

  7. #7
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    = is the assignment operator.
    == is the comparison operator.

    Anyone can log in if they know/guess a valid username, because you used the wrong operator for the password comparison.

  8. #8
    SitePoint Wizard
    Join Date
    Jul 2006
    Location
    New Zealand
    Posts
    1,300
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Should it be the other way, from = to ==?

  9. #9
    SitePoint Member
    Join Date
    Aug 2004
    Location
    Atlanta
    Posts
    23
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi william232,
    yes, I would change it to ==

    Also, you're not encrypting your passwords?
    I would suggest using md5 or crypt

    http://www.php.net/crypt
    http://www.php.net/md5
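For reference, here is an added example (not code from the thread or from william232's site) that applies the two fixes raised in posts #7 and #9 and also closes the SQL injection question the thread opened with. It assumes $con is the mysqli connection created by dbconnect.php, and that the members table has a column named password_hash (an assumed name) holding the output of password_hash(); the include paths are the ones from the posted code. It uses password_hash()/password_verify() (PHP 5.5+) rather than the md5 suggested above, since plain md5 is unsalted and far too fast to protect stored passwords.

```php
<?php
// Added example, not the thread's own code. Assumes $con (mysqli) comes from
// dbconnect.php and members has a password_hash column (assumed name).
session_start();
include("dbconnect.php");

// Verify a username/password pair against the members table.
// Returns true only when the user exists and the password matches the stored hash.
function check_login(mysqli $con, string $username, string $password): bool
{
    // Prepared statement: the username is sent as a bound parameter and is never
    // spliced into the SQL text, so quote characters cannot change the query.
    $stmt = $con->prepare("SELECT password_hash FROM members WHERE username = ? LIMIT 1");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();
    $stmt->close();

    if (!$found) {
        return false;   // unknown username
    }

    // password_verify() compares against the salted hash and returns a boolean,
    // so there is no = / == mix-up possible in the password check itself.
    return password_verify($password, $storedHash);
}

$msg = "";
if (isset($_POST['username'], $_POST['password'])) {
    $username = trim($_POST['username']);

    if (check_login($con, $username, $_POST['password'])) {
        session_regenerate_id(true);        // fresh session id once the user is authenticated
        $_SESSION['user'] = $username;
        include("consoleincludes/console.inc.php");
    } else {
        // One generic message: the page does not reveal whether the username or
        // the password was the wrong half.
        $msg = "Wrong username or password, please try again.";
        include("includes/attemptloginfailed.inc.php");
    }
}

// When a member registers or changes their password, store only the hash:
function make_password_hash(string $plainPassword): string
{
    return password_hash($plainPassword, PASSWORD_DEFAULT);
}
?>
```

Because the query text never contains user input, mysqli_real_escape_string() and stripslashes() are no longer needed in the login path, and the echo of $cQuery from the original has no equivalent here, since printing the executed query to the page reveals table and column names to anyone who submits the form.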
