SQL Injection Vulnerable script

ساخت وبلاگ

آخرین مطالب

امکانات وب

SQL Injection Vulnerable script

Vote count: 0


I've a strange question : I need to create a SQL vulnerable injection script ! The goal is that the script is vulnerable to Union based only !
Here is my script :

$req = "SELECT pseudo, mail FROM membres WHERE pseudo='".$_POST['membre']."'"; $ans = $bdd->query($req); while($data = $ans->fetch()){ echo '<p><b>'.$data['pseudo'].'</b> : '.$data['mail'].' '.$data['password'].'</p>'; }


As you can see if you enter :

' UNION SELECT password, pseudo FROM membres#


The Script will output all the password of the db ! But this is not realistic ! My $data['password'] is all ready echo but empty by defalt ! How to make a proper vulnerable script wich allowed the hacker to list all table , all columns !
Because in my case only one or two payload will works !
Thank you

asked 43 secs ago
Matthieu Mollard

back soft...
ما را در سایت back soft دنبال می کنید

برچسب : نویسنده : استخدام کار backsoft بازدید : 296 تاريخ : پنجشنبه 31 تير 1395 ساعت: 21:16

آرشیو مطالب

پيوندهای روزانه

لینک دوستان

خبرنامه