
General questions regarding login scripts.


ghost

Basically, I'm making my own Realistic challenge of sorts to familiarize myself with the different methods of SQL and JavaScript injection. The problem is, my canvas of sorts isn't responding in any way, shape or form, and I don't know if it's because it's invulnerable or if I'm just using the wrong methods. Is there anyone I can PM to point me in the right direction as to what method to attempt?


ghost

Post your code, then we can help you better. Here's a simple example of an injectable profile page.


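<?php
// Deliberately injectable demo page: `id` comes from the query string unvalidated.
$id=$_GET['id'];
if($id){
        // Legacy mysql_* extension (removed in PHP 7), kept as posted.
        $link=mysql_connect('host','username','password') or die("Could not connect to server");
        mysql_select_db('test',$link) or die("Could not select database.");

        // Injection point: $id is concatenated straight into the SQL text.
        $query="SELECT username, email FROM `users` WHERE `id`=".$id.";";
        $result=mysql_query($query);
        // Fetches only the first row of the result.
        $row=mysql_fetch_assoc($result);
        mysql_close($link);
?>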
<html>
<head>
<title>SQL Injection test page</title>
</head>
<body>
<table>
<tr><td>Username:</td><td><?PHP echo $row['username'] ?></td></tr>
<tr><td>Email:</td><td><?PHP echo $row['email'] ?></td></tr>
</table>
</body>
</html>
<?PHP
}else{
        echo "No user selected.";
}
?>

mysql> select column_name from columns where table_name='users';
+-------------+
| column_name |
+-------------+
| id          |
| uname       |
| pword       |
| id          |
| username    |
| email       |
| password    |
+-------------+
7 rows in set (0.00 sec)

Sure you can work out what the columns are made up of.

This uses mysql_fetch_assoc; a while loop would be more realistic (typical lazy coder reusing code) and would make this much more fun to exploit.
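
The hardened counterpart of the profile lookup posted above, as an added example that is not part of the original thread. It assumes PDO with the SQLite driver; the in-memory table, the sample rows and the function names (open_demo_db, fetch_profile, render_profile) are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumes PDO with the SQLite driver;
// the in-memory table and its rows are constructed stand-ins for `users`.
function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password TEXT)');
    $db->exec("INSERT INTO users VALUES (1, 'alice', 'alice@example.test', 'x'), (2, '<b>bob</b>', 'bob@example.test', 'y')");
    return $db;
}

// Returns the profile row, or null if the id is malformed or unknown.
function fetch_profile(PDO $db, $rawId): ?array {
    // 1. Allow-list validation: the id must be a positive integer, nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Bound parameter: the value travels separately from the SQL text,
    //    so it cannot change the structure of the statement.
    $stmt = $db->prepare('SELECT username, email FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 3. Encode on output so stored markup is displayed as text, not interpreted.
function render_profile(?array $row): string {
    if ($row === null) {
        return "No user selected.\n";
    }
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return sprintf(
        "<tr><td>Username:</td><td>%s</td></tr>\n<tr><td>Email:</td><td>%s</td></tr>\n",
        $e($row['username']), $e($row['email'])
    );
}

$db = open_demo_db();
foreach (['1', '2', '1 OR 1=1', '99', ''] as $input) {   // constructed inputs
    echo 'id=' . var_export($input, true) . "\n" . render_profile(fetch_profile($db, $input));
}
```

Only '1' and '2' return a row; the non-integer, unknown and empty ids all fall through to "No user selected.", and the markup stored in the second username is printed HTML-encoded.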


ghost

Not my code, it's a website I frequent. I've tried everything I can think of, there are no error messages, the website filters simple true/false checks, I ran out of ideas =/


Futility

Ardennes wrote: Basically, I'm making my own Realistic challenge of sorts to familiarize myself with the different methods of SQL and javascript injection

Ardennes wrote: Not my code, it's a website I frequent.

Wait… what? So you're making a challenge using code from a website you frequent that you don't have access to which you're trying to get access to by using techniques that you've put into it by not having access to it? Am I crazy, or does someone need to do a little rewording to get his point across?


mido

Futility wrote: [quote]Ardennes wrote: Basically, I'm making my own Realistic challenge of sorts to familiarize myself with the different methods of SQL and javascript injection

Ardennes wrote: Not my code, it's a website I frequent.

Wait… what? So you're making a challenge using code from a website you frequent that you don't have access to which you're trying to get access to by using techniques that you've put into it by not having access to it? Am I crazy, or does someone need to do a little rewording to get his point across?[/quote]

I think he wants to know what to do with a login page on a site he intends to hack.


Futility

Then why mention the "Realistic challenge of sorts"? Unless he was trying to trick us by pretending to do something honest so that we could unknowingly fuel his misdeeds.

This is what I was afraid of and merely suggested he rephrase the question in a way that didn't imply a negative prerogative.

Unless I'm misreading something, of course. I tend to be quite stupid on occasion.


ghost

I wanted a "realistic challenge" where I couldn't go read a bunch of articles written specifically for it to hold my hand, but I've hit a dead end in regards of even what to try. There isn't really much else I can say to convince you that there isn't a "LOLZ HOW I HACK TO DESTROY STUFF" request, but I assure you it's not.


ghost

Read a white paper on SQL injection? Then apply that to the page coded above.

this seems okay

If you already know how to use SQL with PHP, you just need to see what tricks can be used; just look at a cheat sheet.

If you've ever used SQL then it'll be clear how they work. SQL injection isn't black magic; if you know what you're doing then it's really simple.