#1
21st October 2021, 16:15
BamBam0077
Senior Member
Join Date: Jul 2013
Posts: 360

What is SQL Injection?

SQL Injection
In this tutorial you will learn how to fix the common database vulnerabilities.

What is SQL Injection?
SQL injection is an attack wherein an attacker can inject or execute malicious SQL code via the input data from the browser to the application server, such as web-form input.

It can be used to expose sensitive information like users' contact numbers, email addresses, credit card information and so on. An attacker can even use it to bypass the authentication process and get access to the entire database. Let's see how it actually works.

How SQL Injection Works
Consider the following SQL statement which is a simple example of authenticating a user with a username and password in a web application.

SELECT * FROM users WHERE username='username_val' AND password='password_val';

Here, username_val and password_val represent the username and password entered by the user, respectively. If a user enters values such as "john" as the username and "123" as the password, then the resulting statement will be:

SELECT * FROM users WHERE username='john' AND password='123';

But suppose the user is an attacker and, instead of entering a valid username and password in the input fields, enters something like: ' OR 'x'='x

In this case, the above SQL query will be constructed as:

SELECT * FROM users WHERE username='' OR 'x'='x' AND password='' OR 'x'='x';

This statement is a valid SQL statement and since WHERE 'x'='x' is always true, the query will return all rows from the users table. You can see how easily an attacker can get access to all the sensitive information of a database with just a little dirty trick.

If the users table is quite large and contains millions of rows, this single statement can also lead to a denial-of-service attack (DoS attack) by overloading the system resources and making your application unavailable for legitimate users.

Warning: The consequences of ignoring SQL injection vulnerability can be even worse if your script generates a DELETE or UPDATE query. An attacker can delete data from the table or change all of its rows permanently.

Preventing SQL Injection
Always validate user input and make no assumptions. Never build SQL statements directly from user input. If you're using PHP and MySQL, you can use the mysqli_real_escape_string() function to create a legal SQL string that you can use in an SQL statement.

Here's a very basic example of user authentication using PHP and MySQL that demonstrates how to prevent SQL injection while taking input from users.

PHP Code:
<?php
// Starting session
session_start();

/* Attempt MySQL server connection. Assuming you are running MySQL
server with default setting (user 'root' with no password) */
$link = mysqli_connect("localhost", "root", "", "demo");

// Check connection
if($link === false){
    die("ERROR: Could not connect to database.");
}

// Only proceed when both form fields were actually submitted
if(isset($_POST['username'], $_POST['password'])){
    // Escape user inputs for security
    $username_val = mysqli_real_escape_string($link, $_POST['username']);
    $password_val = mysqli_real_escape_string($link, $_POST['password']);

    // Attempt select query execution
    $sql = "SELECT * FROM users WHERE username='" . $username_val . "' AND password='" . $password_val . "'";
    if($result = mysqli_query($link, $sql)){
        if(mysqli_num_rows($result) == 1){
            // User is authenticated do your stuff here
            $row = mysqli_fetch_array($result);

            /* Holding values in session variable so that it can be
            accessed later within the same session reference */
            $_SESSION['user_id'] = $row['user_id'];
            $_SESSION['first_name'] = $row['first_name'];

            // Redirect and stop the script so nothing else runs after the header
            header('Location: welcome.php');
            exit;
        } else{
            echo "ERROR: Invalid username or password.";
        }
    } else{
        echo "ERROR: Something went wrong. Please try again.";
    }
}

// Close connection
mysqli_close($link);
?>

Please check out the tutorial on PHP MySQL prepared statements to learn the advanced techniques of preventing SQL injection in your web applications.

Tip: Test the size and type or content of the data that is received by your application and enforce appropriate limits to protect against system resources exploitation.
__________________
PHP.NET
http://www.SceneKat.info/account-signup.php

Last edited by BamBam0077; 21st October 2021 at 16:17. Reason: Credits > https://www.tutorialrepublic.com/sql-tutorial/sql-injection.php
The Following User Says Thank You to BamBam0077 For This Useful Post:
firefly007 (9th November 2021)
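
The concatenated login query from the tutorial next to a prepared-statement version, as an added example (not code from the posts above or from any tracker project). It assumes PDO with an in-memory SQLite database standing in for MySQL; the table rows and the function names login_concat and login_prepared are made up for the demonstration, and the plaintext password column only mirrors the tutorial's table. The value quoted in the tutorial matches every row in the concatenated query and none in the prepared one.

```php
<?php
// Added example: constructed in-memory table standing in for the
// tutorial's MySQL `users` table (rows are made up).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
$pdo->exec("INSERT INTO users (username, password) VALUES ('john', '123'), ('mary', 'abc')");

// Before: the query text is assembled from the input, so any quote
// characters in the input become part of the SQL itself.
function login_concat(PDO $pdo, string $user, string $pass): array {
    $sql = "SELECT user_id, username FROM users WHERE username='" . $user
         . "' AND password='" . $pass . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the statement text is fixed; the inputs are bound to the
// placeholders as data and are never parsed as SQL.
function login_prepared(PDO $pdo, string $user, string $pass): array {
    $stmt = $pdo->prepare(
        "SELECT user_id, username FROM users WHERE username = :u AND password = :p"
    );
    $stmt->execute([':u' => $user, ':p' => $pass]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The value quoted in the tutorial, submitted in both fields.
$payload = "' OR 'x'='x";

printf("concatenated, tutorial value: %d row(s)\n",
       count(login_concat($pdo, $payload, $payload)));
printf("prepared, tutorial value:     %d row(s)\n",
       count(login_prepared($pdo, $payload, $payload)));
printf("prepared, john / 123:         %d row(s)\n",
       count(login_prepared($pdo, 'john', '123')));
```
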
#2
22nd October 2021, 19:15
hon
Senior Member
Join Date: Oct 2020
Posts: 29

I think that it's impossible to SQL inject TorrentTrader because it hashes the secret with the password before sending the query.
__________________
TorrentTrader4Ever

If you want help about TorrentTrader send me a PM.
#3
7th November 2021, 03:32
elephant2
Member
Join Date: Oct 2008
Posts: 3

Quote:
Originally Posted by BamBam0077
Please check out the tutorial on PHP MySQL prepared statements
Everyone should be using prepared statements with MySQLi, or ideally, PDO at this stage.
#4
8th November 2021, 17:45
firefly007
SUPPORT GURU
Join Date: Jun 2010
Posts: 715

Quote:
Originally Posted by hon
I think that it's impossible to SQL inject TorrentTrader because it hashes the secret with the password before sending the query.

Not even hashing is 100% secure because u can use Rainbow tables to possibly crack the passwords in the user table.

Also remember getting access to the user table isn't the only thing u can do with a SQL injection. You can also upload a file containing code which can open a reverse shell.

What to do......

Like with many things the internet has done most of the work for you. In this case you can go here https://www.exploit-db.com/exploits/21396 and find exactly where the vulnerabilities are for TT2.8 and patch them.

Thankfully fixing possible SQL injections isn't hard, and I agree using prepared statements is a good idea; however, a good sanitize function will do the trick.
__________________
Please Support Majority Report


You can contact me on Skype live:phesadent.elect but please let me know first.


Due to free time I'm able to help interested members with their tracker.

Please Note!
Depending on your requests I will charge you for my assistance for Tracker installs and mods.
All my mods are custom and prices will vary depending on the request.

I'm able to install any tracker and mods including themes.

Please PM me

#5
13th November 2021, 16:33
Elena
Senior Member
Join Date: Sep 2010
Posts: 78

My challenge to you: try to get in or break it.
Here's the address:

https://lolya.top/
https://hdclub.top/