Can someone give me an example of sql injection with UNION operator, that returns users and passwords, with regards to the bellow php example.
function sanitizeStr($var)
{
global $connection;
$var = strip_tags($var);
$var = htmlentities($var);
$var = stripslashes($var);
return $connection->real_escape_string($var);
}
function sanitizeStrSQ51($var)
{
return ($var);
}
$error = $user = $pass = "";
if (isset($_POST['user']))
{
$user = sanitizeStr($_POST['user']);
$pass = sanitizeStrSQ51($_POST['pass']);
if ($user == "" || $pass == "")
$error = "Not all fields were entered<br>";
else
{
$result = queryMySQL("SELECT user,pass FROM members WHERE user='$user' AND pass='$pass'");
if ($result->num_rows == 0)
{
$error = "<span class='error'>Username/Password invalid</span><br><br>";
}
else
{
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
die("You are now logged in. Please <a href='members.php?view=$user'>" . "click here</a> to continue.<br><br>");
}
}
}
Aucun commentaire:
Enregistrer un commentaire