Below I demonstrate the basics of SQL Injection using a simple web login that I built with a SQL Injection vulnerability.
Email : Another@toxin.htb
Pass : Admin
First of all, let's assume we already know the email used to log in, namely Another@toxin.htb. Now pay attention to the line of code below:
[Screenshot: the PHP line that builds the login query from the submitted email and password]
This line of code does not filter metacharacters, so it allows SQL Injection that bypasses the login without the correct password. When we submit the login form, the email is placed into the variable '{$email_signin}' and the password into the variable '{$password_signin}', and both are concatenated directly into the query string. For example, if we enter the email Admin@admin.com and the password Admin, the line of code becomes:
$sql = "SELECT * FROM users WHERE email = 'Admin@admin.com' AND password = 'Admin'";
The query uses AND, which means both conditions, the email and the password, must be true (that is, match a row in the database). In this SQL Injection technique we turn the AND clause and everything after it into an SQL comment (text the database ignores and does not execute), as below:
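As an added example (not code from the original post, which is written in PHP), the following Python script reproduces the vulnerable query construction described above against an in-memory SQLite database, shows how commenting out the AND clause with the known email logs in without the password, and contrasts it with a parameterized query that treats the same input as plain data. The table, the user row, and the function names are assumptions made for this example.

```python
import sqlite3

# Constructed sample data: a single user row matching the credentials in the post.
KNOWN_EMAIL = "Another@toxin.htb"
KNOWN_PASSWORD = "Admin"  # stored in plaintext only to mirror the post's demo app


def make_db():
    """Create an in-memory users table with one account (constructed test data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (email, password) VALUES (?, ?)",
        (KNOWN_EMAIL, KNOWN_PASSWORD),
    )
    conn.commit()
    return conn


def build_vulnerable_query(email, password):
    """Mirror the post's PHP: user input is interpolated straight into the SQL text."""
    return f"SELECT * FROM users WHERE email = '{email}' AND password = '{password}'"


def login_vulnerable(conn, email, password):
    """Login check with string-built SQL. Returns True if any row matches."""
    sql = build_vulnerable_query(email, password)
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, email, password):
    """Same check using bound parameters: quotes and '--' in input stay literal."""
    sql = "SELECT * FROM users WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, password)).fetchone() is not None


def demo():
    """Run both login variants with normal and injected input; return the outcomes."""
    conn = make_db()
    # The post's technique: a quote closes the email literal and '--' comments
    # out the rest of the WHERE clause, so the password is never checked.
    injected_email = KNOWN_EMAIL + "'-- "
    results = {
        "vulnerable_correct_creds": login_vulnerable(conn, KNOWN_EMAIL, KNOWN_PASSWORD),
        "vulnerable_wrong_password": login_vulnerable(conn, KNOWN_EMAIL, "wrong"),
        "vulnerable_injected": login_vulnerable(conn, injected_email, "wrong"),
        "safe_correct_creds": login_safe(conn, KNOWN_EMAIL, KNOWN_PASSWORD),
        "safe_injected": login_safe(conn, injected_email, "wrong"),
        "query_seen_by_db": build_vulnerable_query(injected_email, "wrong"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The printed query_seen_by_db line shows the exact string the database parses: everything after the injected '-- is a comment, which is why the vulnerable version accepts a wrong password. The parameterized version passes the same characters as a bound value, so the email simply fails to match any row. (SQLite treats '--' as a comment start without a following space; the trailing space in the payload matches the MySQL requirement mentioned in most write-ups.)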