SQL Injection Test Site

  • PayneSession
  • Born
  • Born
  • PayneSession
  • Posts: 2

Post 3+ Months Ago

Hi guys,

I'm doing my college assignment which requires me to create a test site for me to demonstrate SQL Injection. I've created a log in page with no validation(which is preg_match) but for some reason it does not work. I'm using a site I created and accessed the site with XAMPP, will it affect the SQL Injection in anyway? Also, after I tried to insert SQL code via Username text box, the full query should be this " SELECT userid FROM user WHERE login='test' or 1=1--' AND pass='' " and yet I get nothing. I've attached my code here for some reference. I'm not sure if I coded the test site correctly or not. Any help is appreciated! :)

Regards
Attachments:
sqlinject.rar

(744 Bytes) Downloaded 39 times

My SQL Injection Test site along with the config.php to access my database.

  • Mr OBrien
  • Graduate
  • Graduate
  • User avatar
  • Posts: 186
  • Loc: down a creek without a paddle

Post 3+ Months Ago

I was wondering if you remembered an authentication file. Maybe this will work. Don't forget to configure the included connection.php if you try it.
Attachments:
simplephplogin.zip

(2.37 KiB) Downloaded 36 times

Simple php login

  • PayneSession
  • Born
  • Born
  • PayneSession
  • Posts: 2

Post 3+ Months Ago

Mr OBrien wrote:
I was wondering if you remembered an authentication file. Maybe this will work. Don't forget to configure the included connection.php if you try it.


Thanks for the reply, appreciated. I didn't know much about php yet. I'm still a beginner so I only know the basics. Currently studying Diploma in IT. :)

Post Information

  • Total Posts in this topic: 3 posts
  • Users browsing this forum: No registered users and 1 guest
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.