 What Are Sql Interjection Attacks?, (Answer inside) |
|
|
|
|
  |
 Jan 29 2005, 03:44 PM
Post
#1
|
|
|
sirhenry the bland  Group: Members Posts: 62 Joined: 14-December 04 From: A Location Formerly Known as Thingrend Member No.: 2,723  |
Yikes! I just found out about this. It's really something to watch out for when making SQL of any sort, not just log-ins. Fortunately, it's relatively easy to circumvent.
Check it out: QUOTE("A man wiser than I") What is an SQL Injection attack? An SQL Injection attack happens when a user gives your script data crafted to change your SQL to do something you didn't intend it to do. Consider this SQL: $sql = 'SELECT * FROM users WHERE username="'.$username.'" AND password="'.$password.'"'; if (mysql_query($sql)) { echo 'Logged in!'; } It looks fine, but what if a user submitted this as their password: " OR 1=1 OR ""=" This would cause the SQL to read: SELECT * FROM users WHERE username="" AND password="" OR 1=1 OR ""="" which would allow the attacker to get into your system without even knowing a login! On many databases you can also run multiple queries by putting a semicolon in the SQL you pass. Consider this password: "; DELETE FROM users WHERE ""=" This would run the first query, which would probably find no records, but it would then run the DELETE query which would delete all of yoru users. Note that this could also be used to delete any other data in yoru system or to change your data or insert a new user with admin priviledges. To protect against this, you need to "escape" the variables you put into your SQL. When using Mysql you can do this: $sql = 'SELECT * FROM users WHERE username="'.mysql_real_escape_string($username).'" AND password="'.mysql_real_escape_string($password).'"'; If you're using PEAR::DB you can do this (this will work for *any* database system that DB supports): $sql = 'SELECT * FROM users WHERE username='.$db->quoteSmart($username).' AND password='.$db->quoteSmart($password); Pretty scary stuff, huh? ::shocked:: Note: this is taken from this wiki, and the rightful author(s) of this information deserve all credit due. |
 |
 
|
|
Jan 29 2005, 03:47 PM
Post
#2
|
|
|
Give me Reputation and i'll give you some back.  Group: Banned Posts: 203 Joined: 29-December 04 From: Wirral, Northwest England Member No.: 3,000 |
Wow. I've knew about SQL Interjections for ages. I however never knew what they did. This as explained it all to me. Thanks!
|
|
|
|
|
Jan 29 2005, 06:33 PM
Post
#3
|
|
|
Super Member Group: Members Posts: 208 Joined: 27-January 05 From: LI, New York Member No.: 3,448 |
I know someone who had and sql injection attack on there phpBB forum and the hacker logged into the ACP and kaked everything and left a message on his homepage, lol.
|
|
|
|
|
Jan 29 2005, 07:33 PM
Post
#4
|
|
|
Advanced Member Group: Members Posts: 144 Joined: 24-July 04 From: Arizona Member No.: 189 |
or you can use htmlentites() or addslashes()
|
|
|
|
|
Jan 29 2005, 08:12 PM
Post
#5
|
|
|
Administrator  Group: Admin Posts: 1,479 Joined: 11-June 04 From: Somewhere in Time & Space. Member No.: 1 |
This is a very helpful information that you have contributed! And it must be known by many programmers.
I have Granted you 2 Hosting Credits as reward! 
|
|
|
|
|
Jan 29 2005, 08:15 PM
Post
#6
|
|
|
Newbie [Level 3] Group: Members Posts: 43 Joined: 24-January 05 Member No.: 3,407 |
What are hosting credits by the way?
|
|
|
|
|
Jan 29 2005, 08:33 PM
Post
#7
|
|
|
Administrator Group: Admin Posts: 1,479 Joined: 11-June 04 From: Somewhere in Time & Space. Member No.: 1 |
|
|
|
|
|
Jan 29 2005, 08:37 PM
Post
#8
|
|
|
Newbie [Level 3] Group: Members Posts: 43 Joined: 24-January 05 Member No.: 3,407 |
ooo gotcha thank you i wasnt paying attention sorry
|
|
|
|
|
Jan 29 2005, 09:13 PM
Post
#9
|
|
|
Super Member Group: Members Posts: 208 Joined: 27-January 05 From: LI, New York Member No.: 3,448 |
Its been like 1 or 2 days and I have 20 credits from my original starting 3, lol.
|
|
|
|