The following sql injection is accepted with no errors, and I'm able to bypass login. However, the requested information from the tables is not shown. Why, and how make it return results? SQL injection used: whatever' UNION SELECT user,pass FROM members WHERE user='admin This injection was used in the following context php:
unction sanitizeStr($var)
{
global $connection;
$var = strip_tags($var);
$var = htmlentities($var);
$var = stripslashes($var);
return $connection->real_escape_string($var);
}
function sanitizeStrSQ51($var)
{
return ($var);
}
$error = $user = $pass = "";
if (isset($_POST['user']))
{
$user = sanitizeStr($_POST['user']);
$pass = sanitizeStrSQ51($_POST['pass']);
if ($user == "" || $pass == "")
$error = "Not all fields were entered<br>";
else
{
$result = queryMySQL("SELECT user,pass FROM members WHERE user='$user' AND pass='$pass'");
if ($result->num_rows == 0)
{
$error = "<span class='error'>Username/Password invalid</span><br><br>";
}
else
{
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
die("You are now logged in. Please <a href='members.php?view=$user'>" . "click here</a> to continue.<br><br>");
}
}
}
Aucun commentaire:
Enregistrer un commentaire