Hi I want to show sql injection vulnerability through form input using PHP and MYSQL. Any suggestion how to go about.
Thanks
You can use Kali Linux to hack into the php website. Here is a tutorial on how to do that.
mysql_query("INSERT INTO `table` (`column`) VALUES ('$inject_variable')");
If you have query like this you can insert something like value'); DROP TABLE table;--
value'); DROP TABLE table;--
to the $inject_variable
to test the injection.
Hence, your SQL query will became this:
INSERT INTO `table` (`column`) VALUES('value'); DROP TABLE table;--')
This will allow other users to drop the table.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.