I have been tasked with one insecure form, one secure form. For my insecure form, I have the PHP statement

```php
$sql = "INSERT INTO Name(Name) VALUES ('$firstname')";
```

Here the user input is obviously taken directly from the form and saved as $firstname. Now, I am having trouble actually injecting SQL into this form. Could someone point me in the right direction? I've tried dropping the table but I either get a SQL error or the injection actually is inserted.

EDIT: This is different from the question that is apparently a duplicate, as I know HOW to make it secure, what I'm trying to do is inject my already insecure code. The example in the duplicate question did not work for me and gave a syntax error.

Ashlee Berry
  • Could you include examples of injections you've tried? – redreddington Dec 06 '15 at 23:16
  • I have tried the "duplicate" example which simply gives me a SQL error. `example'); DROP TABLE Name;--` gives the error `Could not get data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DROP TABLE Name;--')' at line 1` – Ashlee Berry Dec 07 '15 at 00:20
  • In most cases you can't run multiple queries like this, unless the script is using specific functions to allow that behaviour. But you can run a query inside the other, usually `SELECT`, like this: `'), (SELECT password FROM mysql.user WHERE name = 'root'), ('` I'm not sure if you have to do something else for this to work though, but that's pretty much the way. – Havenard Dec 07 '15 at 00:39

0 Answers
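
The insecure and secure forms from the question, side by side, as an added example that is not part of the original post or its comments. It assumes an in-memory SQLite database reached through PDO as a stand-in for the MySQL server so that it runs offline; `insertName` is a hypothetical helper and the input is the value quoted in the comments.

```php
<?php
// Added example. SQLite in memory stands in for the page's MySQL server
// (assumption) so the script runs offline; table and column are the page's.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Name (Name TEXT)');

// Constructed form input: the value quoted in the comments above.
$firstname = "example'); DROP TABLE Name;--";

// Insecure form: the input is pasted into the statement text, so its quote
// ends the string literal and the remainder is parsed as SQL. The string is
// built here only to show the text the server receives; it is not executed.
$insecure = "INSERT INTO Name(Name) VALUES ('$firstname')";
echo "Insecure statement text:\n  $insecure\n";

// Secure form: the statement text is fixed and the input travels as a
// bound parameter, so it can only ever be treated as a value.
// insertName() is a hypothetical helper name.
function insertName(PDO $db, string $name): void
{
    $stmt = $db->prepare('INSERT INTO Name(Name) VALUES (?)');
    $stmt->execute([$name]);
}

insertName($db, $firstname);

// Check: exactly one row exists and it holds the input byte for byte.
$rows = $db->query('SELECT Name FROM Name')->fetchAll(PDO::FETCH_COLUMN);
if ($rows !== [$firstname]) {
    throw new RuntimeException('bound parameter was not stored verbatim');
}
echo "Stored via prepared statement:\n  {$rows[0]}\n";
```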