
I'm testing for injection in my website, I get this error

I'm trying to do this query in order to test for injection. Where is the error in my query?

<?php

// $connection is assumed to be an open mysqli link created earlier (not shown in the post).
// The email value is concatenated straight into the SQL string; the '/*' it contains is never closed.
$query= "SELECT * FROM login where email = '1' or '1' = '1' limit 1;/*' and password = '1e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855223'";

$result = mysqli_query($connection,$query) or die(mysqli_error($connection)); 

?>

The result error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/*' and password = '1e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b785' at line 1

If I do the query inside mysql workbench it works fine, but when placed in mysqli it gives the error.

Thanks for your help and down count. The simple answer is to use # instead of /*.

Bye

MySQL supports /* ... */ style comment syntax, but you need to use the closing part. Since you're trying SQL injection, you don't typically have an opportunity to modify the SQL query except at one point. So you can't also append the */ closing part of the comment to the end of the query as well.

Example: you would need to add the closing comment syntax at the end, shown below, but because you're only using SQL injection on the $email variable, you can't do that.

WHERE email = '1' or '1' = '1' limit 1;/*' and password = ... */
               ^^^^^^^^^^^^^^^^^^^^^^^^^^                     ^^

MySQL also supports ANSI SQL comment syntax, which is a single -- preceding the rest of the line. All of what follows -- will be ignored, and there's no closing syntax for this type of comment.

WHERE email = '1' or '1' = '1' limit 1;--' and password = ... 
               ^^^^^^^^^^^^^^^^^^^^^^^^^^                     

See https://dev.mysql.com/doc/refman/8.0/en/comments.html
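As an added example (not code from the question or either answer), here is the same lookup written with a mysqli prepared statement, so the quote and comment characters discussed above travel as data and cannot change the statement. It assumes $connection is an open mysqli handle and keeps the question's login table with an email column and a password column holding a hex hash.

```php
<?php
// Added example, not from the original post. Assumes $connection is an open
// mysqli handle and the login(email, password) table from the question.
function find_login(mysqli $connection, string $email, string $password_hash): ?array
{
    // The SQL text is fixed; the server receives the statement and the two values
    // separately, so an email of  1' or '1' = '1' limit 1;/*  (or ;#  or ;-- )
    // is compared literally against the email column instead of being parsed.
    $stmt = $connection->prepare(
        'SELECT * FROM login WHERE email = ? AND password = ? LIMIT 1'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $connection->error);
    }
    $stmt->bind_param('ss', $email, $password_hash);
    $stmt->execute();
    // get_result() needs the mysqlnd driver; use bind_result() on older builds.
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;   // null when no row matched
}

// With placeholders the payload from the question no longer returns the first
// row of the table; it simply finds no user whose email is that string.
var_dump(find_login($connection, "1' or '1' = '1' limit 1;/*", 'not-a-real-hash'));
```

The same change applies to any other value that is spliced into SQL text (the password hash included); escaping or stripping comment characters is not a substitute, because MySQL has several comment syntaxes and the string literal itself is what the attacker is breaking out of.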

You can't enter a where clause (and password = [...]) after a limit clause. limit needs to be at the end of your query.
