MySQL injections. Drop Table.

Post by BlowMagnum on Sun May 03, 2009 6:21 pm

Well, I've been reading a lot about MySQL injections and how they work, and I understood most of them in the Realistic missions.
So I have set up my own page using WAMP, MySQL version 5.1.33.

Imagine that:

There is a simple MySQL database called Text, and a table named texttable; it includes only two fields, ID and text.
Also there is page.php with the following code in it:

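Code:
<?php
// Deliberately unprotected: $_GET['id'] is placed into the query string as-is.
$sql = "SELECT * FROM texttable WHERE id = {$_GET['id']}";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);

// Print the text column when an id was supplied in the URL.
if (isset($_GET['id']) && $_GET['id'])
{
    echo $row['text'];
}
?>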


As you see, that PHP code prints text according to the id, so the URL goes like this:
http://localhost/page.php?id=1

As you see there is no security, no magic quotes, and nothing else.

So I have been trying some SQL injections like http://localhost/page.php?id=1; DROP TABLE texttable/*
But with no luck. I have been reading the following tutorials:

http://www.hellboundhackers.org/article ... orial.html
http://www.tutorialspoint.com/mysql/mys ... tables.htm

I have been trying different syntax like:
id=1 DROP texttable;
id=1 DROP TABLE texttable--
id=1; DROP TABLE texttable/*

And so on, but still with no luck.

So what am I doing wrong?

P.S. Excuse me for my bad English. And I'm doing this on my own web site, basically for learning purposes only.
BlowMagnum


Re: MySQL injections. Drop Table.

Post by iseestoopidpeople on Fri May 15, 2009 7:22 pm

You need a ' before the ; I think.
iseestoopidpeople


Re: MySQL injections. Drop Table.

Post by BlowMagnum on Fri May 29, 2009 8:46 am

I still haven't found the right injection syntax. I have tried the following:

http://localhost/page.php?id=1'DROP TABLE texttable;
http://localhost/page.php?id=1'DROP TABLE texttable\*

http://localhost/page.php?id=1'; DROP TABLE texttable--
http://localhost/page.php?id=1'; DROP TABLE texttable\*

http://localhost/page.php?id=' DROP TABLE texttable--
http://localhost/page.php?id=' DROP TABLE texttable\*
http://localhost/page.php?id=' DROP TABLE texttable;

But with no luck. I would really appreciate it if someone could tell me what I am doing wrong.
BlowMagnum


Re: MySQL injections. Drop Table.

Post by d00d00 on Sun May 31, 2009 8:47 am

What version of PHP server do you use?
I think from PHP 4.0, they prevent SQL injection by replacing the ' character with ''.
d00d00


Re: MySQL injections. Drop Table.

Post by BlowMagnum on Sat Jun 06, 2009 4:46 pm

So you are saying that PHP 4.0 and above are protected against such injections?
BlowMagnum


Re: MySQL injections. Drop Table.

Post by fiftysixer on Sun Jun 07, 2009 6:16 am

One possibility is Magic Quotes
http://www.php.net/magic_quotes

Do:
Code:
<?php echo get_magic_quotes_gpc(); ?>


What does that return? A '1' means you have magic quotes enabled, which would be automatically escaping your SQL queries.
fiftysixer
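
Added example, not part of any post in this thread: PHP's mysql_query() sends exactly one statement per call, so a stacked "; DROP TABLE ..." is rejected by the server as a syntax error, but the concatenated id in page.php still becomes part of that single SELECT and the page remains injectable. The sketch below is a hardened rewrite of page.php using mysqli prepared statements; the function name fetch_text, the account name page_reader and the password are hypothetical placeholders, while the database Text and table texttable are taken from the first post.

```php
<?php
// Added example: hardened rewrite of the page.php from the first post.
// Assumptions: host, user and password are placeholders; the database "Text"
// and table "texttable" (columns id, text) are as described in the thread.

// Returns the text for a row, or null when the id is invalid or not found.
function fetch_text(mysqli $db, $rawId)
{
    // 1. Validate: the id must be a positive integer, nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT,
                     array('options' => array('min_range' => 1)));
    if ($id === false) {
        return null;
    }

    // 2. Parameterize: the value travels separately from the SQL text,
    //    so it can never change the structure of the statement.
    $stmt = $db->prepare('SELECT `text` FROM texttable WHERE id = ?');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($text);
    $found = $stmt->fetch();   // true on a row, null when no row matched
    $stmt->close();

    return $found ? $text : null;
}

// Placeholder credentials; use an account limited to SELECT on texttable so
// that even a missed injection point cannot DROP anything.
$db = new mysqli('localhost', 'page_reader', 'change-me', 'Text');
if ($db->connect_error) {
    http_response_code(500);
    exit('Database unavailable');
}

$text = fetch_text($db, isset($_GET['id']) ? $_GET['id'] : null);
if ($text === null) {
    http_response_code(404);
    exit('Not found');
}
// 3. Encode on output so stored text cannot inject markup into the page.
echo htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
```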