The basic attack is login form bypassing which has already been discussed in the previous post. In this type of SQLi we inject queries like 1‘OR’1‘=’1 etc. in the username and password fields. The code which is used in these types of websites that can be easily bypassed through the above said queries Apart from this the user can also delete the database by executing "' drop table database; --". Below is the code, which permits the said queries: HTML: Select All index.html file: <form action="login.php" method="POST" /> <p>Password: <input type="text" name="pass" /><br /> <input type="submit" value="Authenticate" /></p> </form> login.php file: <?php // EXAMPLE CODE $execute = "SELECT * from database WHERE password = '{$_POST['pass'])"; $result = mysql_query($execute); ?> If you are having this type of code then You will have to use mysql_real_escape_string in the php code Here is the php code. Code: Select All <?php $badword = "' OR 1 '"; $badword = mysql_real_escape_string($badword); $message = "SELECT * from database WHERE password = "'$badword'"; echo "Blocked " . $message . "; ?> Be Happy Always
