Team-ReachOut/SQL-Injection

SQL Injection

Steps to Run

  1. Create a database named VMA and create a table users in it with the following fields:
  • first_name
  • last_name
  • username
  • password
  2. Visit localhost/security/sinin1.html. Set username and password as ' ' OR '1' = '1'. Login will then be granted as some random user, without a valid username and password.

  3. If we enter a particular username and set the password as ' ' OR '1' = '1', login will be granted as that particular user without the password.

  4. To delete the entire table, use the query: ' UNION DROP TABLE USERS --;.

  5. To prevent this, we can use the function mysqli_real_escape_string(). Adding these 2 lines will escape the special characters in the input.

$Fname = mysqli_real_escape_string($conn, $Fname);

$Password = mysqli_real_escape_string($conn, $Password);
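
Escaping only protects values that end up inside a quoted string literal; a parameterized query removes that dependency by never parsing the input as SQL. The script below is an added example, not code from this repository, showing the concatenated login query beside the parameterized one. It assumes PDO with an in-memory SQLite database in place of MySQL, and the function names login_concat and login_prepared and the sample row are hypothetical.

```php
<?php
// Added example. In-memory SQLite via PDO stands in for the README's MySQL
// database so the script runs without a server; the row below is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (first_name TEXT, last_name TEXT, username TEXT, password TEXT)');
$db->exec("INSERT INTO users VALUES ('Alice', 'Example', 'alice', 'constructed-password')");

// Before: input is pasted into the SQL text, so a quote in the input
// ends the string literal and the rest is parsed as SQL.
function login_concat(PDO $db, string $user, string $pass): ?string
{
    $sql = "SELECT username FROM users WHERE username = '$user' AND password = '$pass'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// After: placeholders keep the input as data; it is never parsed as SQL.
// The mysqli form is $conn->prepare(...), $stmt->bind_param('ss', $Fname, $Password),
// $stmt->execute().
function login_prepared(PDO $db, string $user, string $pass): ?string
{
    $stmt = $db->prepare('SELECT username FROM users WHERE username = ? AND password = ?');
    $stmt->execute([$user, $pass]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// The README's tautology input, in the form that fits the quoted query above.
$tautology = "' OR '1' = '1";

$cases = [
    'concatenated, tautology password' => login_concat($db, 'alice', $tautology),
    'prepared, tautology password'     => login_prepared($db, 'alice', $tautology),
    'prepared, correct password'       => login_prepared($db, 'alice', 'constructed-password'),
];
foreach ($cases as $label => $result) {
    printf("%-34s => %s\n", $label, $result ?? 'login refused');
}
```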
