ajohnstone.com
More on SQL Injection… | Development, Analysis And Research
I wrote this a while ago whilst playing with SQL Injection; it is a little unfinished. The idea was to try to write out entire files through an SQL Injection attack. I thought I would expand on my previous post, Exceptions, Exceptions, Exceptions, and see what is possible with a simple SQL Injection attack. I will base this on the assumption that if you've managed to overlook an arbitrary SQL Injection attack, there will be vulnerable output somewhere.

```php
<?php
// Deliberately vulnerable example from the post (legacy mysql_* extension).
// The request keys and the printed column were lost from the page; 'id',
// 'SearchTerm' and 'Title' are assumed from the variable and column names.
$id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
$SearchTerm = isset($_REQUEST['SearchTerm']) ? $_REQUEST['SearchTerm'] : null;

if ($id != 0 && !empty($SearchTerm)) {
    // $id is cast to int, but $SearchTerm is placed in the SQL string unescaped.
    $SQL = "SELECT id, StartDate, EndDate, Title FROM Table_One WHERE id={$id} AND Title='{$SearchTerm}';";
    // The database error text is sent straight to the client.
    $Query = mysql_query($SQL) or die('Query Error: ' . mysql_error());
    $Row = mysql_fetch_array($Query, MYSQL_ASSOC);
    if (!empty($Row)) {
        print $Row['Title']; // printed without output escaping
    }
}
```

A couple of experiments with SQL injection.

LOAD%20DATA%20INFILE%20'/home/httpd/vhosts/ajohnstone.com/httpdocs/index
andrew.johnstone
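A parameterized counterpart to the query in the post, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database and constructed sample rows standing in for the post's MySQL table; `findRow` is a hypothetical helper name.

```php
<?php
// Added example: constructed in-memory data stands in for the post's MySQL table.
function findRow(PDO $db, $id, $searchTerm)
{
    // Same validation intent as the post: a non-zero integer id and a non-empty term.
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false || $id === 0 || !is_string($searchTerm) || $searchTerm === '') {
        return null;
    }
    // Placeholders keep the SQL text fixed; the values are bound separately as data.
    $stmt = $db->prepare(
        'SELECT id, StartDate, EndDate, Title FROM Table_One WHERE id = :id AND Title = :title'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':title', $searchTerm, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
// Failures raise exceptions for the server-side log instead of being echoed to the client.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Table_One (id INTEGER PRIMARY KEY, StartDate TEXT, EndDate TEXT, Title TEXT)');
$db->exec("INSERT INTO Table_One VALUES (1, '2007-01-01', '2007-01-31', 'Launch')"); // constructed row

// Constructed inputs: a legitimate title, and a term carrying a quote and SQL keywords.
$inputs = ['Launch', "nothing' OR '1'='1"];
foreach ($inputs as $term) {
    $row = findRow($db, '1', $term);
    // Everything echoed back is HTML-escaped, closing the "vulnerable output" side as well.
    echo htmlspecialchars($term, ENT_QUOTES, 'UTF-8'), ' => ',
        $row === null ? 'no match' : htmlspecialchars($row['Title'], ENT_QUOTES, 'UTF-8'),
        PHP_EOL;
}
```

With the MySQL PDO driver, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server perform the binding rather than the client library.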