We then obtain a valid query:
SELECT * from writers where $login='' OR '1'='1'
Other types of SQL injection are used not to bypass authentication but to recover, insert,
update or delete data in the database. Let us imagine a site onto which CrashFr has logged in and been
authenticated. Very often, a site where we can create an account associates several things with that
account: for example a login/pass, name, given name, email and, more importantly, a level of rights.
In our example, the level of rights is stored in the “level” field of the “users” table. Level 1 indicates
that the user is an administrator and level 2 that the user is a member. When functioning normally, the
profile.php script does not allow you to modify your level of rights but, as you will see, by using SQL
injection we are going to increase our level of privileges to become an administrator. Here is the script
to create our table:
#
# Table structure for table `users`
#
CREATE TABLE `users` (
`id` int(10) NOT NULL auto_increment,
`login` varchar(25) NOT NULL default '',
`password` varchar(25) NOT NULL default '',
`name` varchar(25) NOT NULL default '',
`given name` varchar(25) NOT NULL default '',
`email` varchar(25) NOT NULL default '',
`level` int(1) NOT NULL default '0',
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=2 ;
#
# Dumping data for table `users`
#
INSERT INTO `users` VALUES (1, 'CrashFr', '378b243e220ca493', 'Crash', 'Fr',
'crashfr@thehackademy.net', 2);
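For contrast with the scenario described above, here is an added example (not part of the original text and not the site's profile.php) of a profile update that cannot touch the "level" field: values are bound as parameters and only allowlisted columns are written. The function name updateProfile(), the constant EDITABLE and the in-memory SQLite database standing in for MySQL are assumptions made for illustration.

```php
<?php
// Added example, not the page's profile.php. updateProfile() and EDITABLE are hypothetical names.
declare(strict_types=1);

// Columns a member may change; `level` is deliberately absent.
const EDITABLE = ['name', 'given name', 'email'];

function updateProfile(PDO $db, int $sessionUserId, array $form): int
{
    // Keep only allowlisted keys, so a posted "level" field is ignored.
    $fields = array_intersect_key($form, array_flip(EDITABLE));
    if ($fields === []) {
        return 0;
    }
    // Column names come from the constant list, never from the request.
    $set = [];
    foreach (array_keys($fields) as $i => $col) {
        $set[] = "`$col` = :v$i";
    }
    $stmt = $db->prepare('UPDATE users SET ' . implode(', ', $set) . ' WHERE id = :id');
    foreach (array_values($fields) as $i => $value) {
        // Bound values travel separately from the SQL text and are treated as data.
        $stmt->bindValue(":v$i", (string) $value, PDO::PARAM_STR);
    }
    // The row is chosen by the authenticated session, not by a form field.
    $stmt->bindValue(':id', $sessionUserId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data mirroring the page's users table (SQLite in memory).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, password TEXT,
           name TEXT, `given name` TEXT, email TEXT, level INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'CrashFr', 'x', 'Crash', 'Fr', 'crashfr@example.test', 2)");

// Constructed form input: the quote-bearing string shown earlier on the page, plus a "level" key.
updateProfile($db, 1, ['email' => "' OR '1'='1", 'level' => '1']);

$row = $db->query('SELECT email, level FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
var_dump($row['email'] === "' OR '1'='1"); // the string was stored literally, not parsed as SQL
var_dump((int) $row['level'] === 2);       // the privilege level was not changed
```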
And here is our PHP script with which we can modify our profile: