Hackmyfortress - Hacking Training Center - En/Fr


Open Source Your Knowledge, Become a Contributor

Technology knowledge has to be shared and made accessible for free. Join the movement.

Create Content

Injection SQL

SQL is a query language. A query language is a computer language used to access data in a database SQL injection is a very well known method of attack. It is an extremely powerful attack vector when it is well exploited. It consists in modifying an SQL query by injecting unfiltered pieces of code, usually by means of a form.

If you want to connect to the administration area of ​​a site, you will be asked to fill in the "login" and "password" fields. These two information will be used to search the database of the site if your account exists. SQL injection consents to send in the connected fields code that will be added as a result of the SQL query to modify its behavior and, for example, to authenticate itself without a password.

//Exemple of SQL request
$req = $bdd->query("SELECT * FROM user WHERE login='$login' AND password='$password'");

It can be translated as "Select all in the user column or login = yourPassword and password = your password" if the request is valid then your account exists.

If now I use as pseudonym "Flroian09 '#" the request becomes

$req = $bdd->query("SELECT * FROM user WHERE login='florian09#' AND password='$password'");

Knowing that the '#' is a tag to indicate a comment, the query becomes:

$req = $bdd->query("SELECT * FROM user WHERE login='florian09#'")

So the passwords are no longer checked!

What is an SQL query ?
TitleDate outfilm Genre
Les Goonies1985Ation

The query in the exercise below can be translated as: "Select all in the column title where the genre is adventure". Make sure to change the request so that all genres are selected.

Show all film!
Need help ?

Use the '#' to comment on the part of the code you want to render inoperative.

Open Source Your Knowledge: become a Contributor and help others learn. Create New Content