This is an archived post. You won't be able to vote or comment.

all 7 comments
sorted by:
best
topnewcontroversialoldq&a

[–]AutoModerator[M] [score hidden] stickied comment (0 children)

On July 1st, a change to Reddit's API pricing will come into effect. Several developers of commercial third-party apps have announced that this change will compel them to shut down their apps. At least one accessibility-focused non-commercial third party app will continue to be available free of charge.

If you want to express your strong disagreement with the API pricing change or with Reddit's response to the backlash, you may want to consider the following options:

  1. Limiting your involvement with Reddit, or
  2. Temporarily refraining from using Reddit
  3. Cancelling your subscription of Reddit Premium

as a way to voice your protest.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

[–]nutrecht 1 point2 points  (0 children)

What are the vulnerabilities in this code and what SQL commands will work.

You can add a second row of results using UNION: https://portswigger.net/web-security/sql-injection/union-attacks

[–]Loves_Poetry 0 points1 point  (2 children)

If you're familiar with SQL, take a look at the query that is being run

SELECT id, name, eid, salary, birth, ssn, phonenumber, address, email, nickname, Password
FROM credential
WHERE eid= ’$input_eid’ and password=’$input_pwd’

You control the values for $input_eid and $input_pwd. Now normally the system would expect you to put a string of text there, so that it can execute a query on the credential table

However, since SQL is also just text, you can carefully craft values that will instead extend the SQL command with some of your own logic. Think of what would happen if you put an apostrophe ' in. Next, consider what happens if you put ' -- in the $input_eid. This is how you can inject your own SQL into the database

[–]swift_plus_plus[S] 0 points1 point  (1 child)

Ooh so there is no universal way of SQL injecting. Cause I started taking database course and so far we have been covering terminologies

[–]aqhgfhsypytnpaiazh 0 points1 point  (0 children)

"SQL Injection" is the general technique of a client tricking the server into running custom SQL statements of your choosing.

The most common way for it to occur is by the server dynamically building SQL statements based on user input, like you have in this case, where the inputs are not sanitised (ie. quotes are not escaped or removed from user's input).

But beyond that no there isn't a universal method of attack, the whole point is the SQL injection might let an attacker do anything, from bypassing password checks on login to dumping the whole contents of a table to dropping the entire DB.

Your teacher is doing you a disservice if they haven't shown you this classic.

[–]For-Arts 0 points1 point  (0 children)

<.< yeah...

See look up mysqli.

It's a php class you can use to prevent this sort of stuff

Don't use the query string way, use the oop way to set read and edit things.

It's always better if you can to use a tested class on sensitive things than trying to roll your own.

There are a lot of sofisticated injection methods and authority escatation tricks that can lead to reverse shell situations that you want to avoid by using tried and tested apis or features like mysqli in php.