I've a strange question : I need to create a SQL vulnerable injection script ! The goal is that the script is vulnerable to Union based only !
Here is my script :
$req = "SELECT pseudo, mail FROM membres WHERE pseudo='".$_POST['membre']."'"; $ans = $bdd->query($req); while($data = $ans->fetch()){ echo '<p><b>'.$data['pseudo'].'</b> : '.$data['mail'].' '.$data['password'].'</p>'; }
As you can see if you enter :
' UNION SELECT password, pseudo FROM membres#
The Script will output all the password of the db ! But this is not realistic ! My $data['password'] is all ready echo but empty by defalt ! How to make a proper vulnerable script wich allowed the hacker to list all table , all columns !
Because in my case only one or two payload will works !
Thank you