PHP
krll-k, 2014-07-11 17:02:01

Found sql-vulnerable code. What are the possibilities? How to use?

I inserted the following field into the input:
' or '1' = '1
As a result:
I got the opportunity to change the value of the username field
SQL query of the UPDATE type:

UPDATE 
  users
SET 
 `username` = '{$username}',
 `email` = '{$email}',
 `password` = '{$password}'
WHERE 
 `user_id` = {$user_id}
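
The effect described in the question, reproduced as an added example (not code from the original post). It assumes the input went into the username field and uses Python's sqlite3 with a constructed in-memory table in place of the PHP application: the interpolated UPDATE evaluates the input as an SQL expression, while the bound-parameter form stores it as plain text.

```python
import sqlite3

FORM_INPUT = "' or '1' = '1"  # the value quoted in the question


def fresh_db():
    """Constructed sample table; columns mirror the question's UPDATE."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, "
               "username TEXT, email TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)",
                   [(1, "alice", "alice@example.test", "hash-a"),
                    (2, "bob", "bob@example.test", "hash-b")])
    return db


def update_interpolated(db, user_id, username, email, password):
    """Vulnerable form: values are pasted into the SQL text, as in the question."""
    sql = (f"UPDATE users SET username = '{username}', email = '{email}', "
           f"password = '{password}' WHERE user_id = {user_id}")
    db.execute(sql)
    return sql


def update_parameterized(db, user_id, username, email, password):
    """Hardened form: fixed SQL text, values passed separately as bound parameters."""
    db.execute("UPDATE users SET username = ?, email = ?, password = ? "
               "WHERE user_id = ?",
               (username, email, password, int(user_id)))


def stored_username(db, user_id):
    row = db.execute("SELECT username FROM users WHERE user_id = ?", (user_id,))
    return row.fetchone()[0]


def demo():
    """Run the same form input through both variants on separate databases."""
    bad, good = fresh_db(), fresh_db()
    sql = update_interpolated(bad, 1, FORM_INPUT, "alice@example.test", "hash-a")
    update_parameterized(good, 1, FORM_INPUT, "alice@example.test", "hash-a")
    return sql, stored_username(bad, 1), stored_username(good, 1)


if __name__ == "__main__":
    sql, bad, good = demo()
    print(sql)
    print("interpolated :", repr(bad))   # input was evaluated as SQL
    print("parameterized:", repr(good))  # input was stored as literal text
```

In the PHP application the same separation is what prepared statements with bound parameters (PDO or mysqli) provide.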


5 answer(s)
Steely, 2014-07-11
@Steely

Your personal data, a link to this question and other information have been sent to the appropriate authorities to verify the legality of your actions.

Sergey Melnikov, 2014-07-11
@mlnkv

How to use? Notify developers.

KurazhBambei, 2014-07-11
@KurazhBambei

Yes, through such a vulnerability you can get:
- access to all data in the database;
- execution of arbitrary SQL queries;
- reading files from any directory;
- downloading files (does not always work) and their subsequent execution.

Use the sqlmap utility to check for vulnerabilities in your scripts. It automates the routine process of finding vulnerabilities and provides comprehensive data analysis capabilities. Note! You use this utility at your own risk. If suddenly the purpose of the analysis is not your server, then you fall under Art. 272 part 1, part 2 of the Criminal Code of the Russian Federation. More information about SQL injections

papahoolio, 2014-07-11
@papahoolio

Something like this

1'where (1)=(select 1 from(select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a)--
