Hi, I have this website which was made for the specific purpose of trying SQL injection, which is why it is not parameterized and does not use prepared statements.
I am new to SQL injection and I am trying to see how I can maybe bypa

What I have tried:

I have tried
Python
";DROP TABLES tasks;--
and also tried the characters \' or \" in combination with other functions followed by -- in the title and body inputs along with other fields. Now I'm unsure which input field might be susceptible to the payload, though looking at the code I'm sure it is the title. I've looked around for any example of payload characters I could use to function?
Updated 7-Dec-22 2:05am
Comments
Richard Deeming 6-Dec-22 4:37am    
Your sqlescape function doesn't seem right; you're replacing the two characters with themselves, with no escaping at all.

We do not condone, support, or assist in the production of malicious code in any way, form, or manner. This is a professional site for professional developers.

If you want to know how to create such things, you need to visit a hacking site: but be sure to disable all firewalls and antivirus products first or they won't trust you enough to tell you.
Comments
Richard Deeming 6-Dec-22 4:37am    
I'm not sure hacking your own test site to learn about SQLi really counts as "malicious code". :)
Google will find plenty of examples of bypassing simple filters like this. For example:
If you do need to introduce a string in to your attack payload, you can do this without needing to use quotes. In MySQL, the following statement:
SQL
SELECT username FROM users WHERE isadmin = 2 union select name from sqlol.ssn where name='herp derper'--
is equivalent to:
SQL
SELECT username FROM users WHERE isadmin = 2 union select name from sqlol.ssn where name=0x4865727020446572706572-- 
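
An added example (not part of the thread or of the asker's site) showing why the fix is parameter binding rather than a character filter: a quote-free value still changes a concatenated query, while the same value bound as a parameter stays inert data. It assumes Python's built-in sqlite3 in place of the asker's database; `sqlescape_noop`, `strip_quotes` and the sample tables are hypothetical reconstructions.

```python
import sqlite3

def sqlescape_noop(value: str) -> str:
    # Assumed reconstruction of the defect the first comment describes:
    # each quote character is replaced with itself, so nothing changes.
    return value.replace("'", "'").replace('"', '"')

def strip_quotes(value: str) -> str:
    # A stricter blacklist filter (hypothetical): delete both quote characters.
    return value.replace("'", "").replace('"', "")

def make_db() -> sqlite3.Connection:
    # Constructed sample data; table names follow the statements quoted above.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, isadmin INTEGER);
        CREATE TABLE ssn (name TEXT);
        CREATE TABLE tasks (title TEXT);
        INSERT INTO users VALUES ('alice', 0), ('root', 1);
        INSERT INTO ssn VALUES ('herp derper');
    """)
    return db

def lookup_concat(db: sqlite3.Connection, isadmin: str) -> list:
    # "Before": the filtered input is still spliced into the SQL text, so a
    # quote-free value in a numeric position is parsed as SQL.
    sql = "SELECT username FROM users WHERE isadmin = " + strip_quotes(isadmin)
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db: sqlite3.Connection, isadmin: str) -> list:
    # "After": the value is bound as a parameter and only ever compared as data.
    sql = "SELECT username FROM users WHERE isadmin = ?"
    return [row[0] for row in db.execute(sql, (isadmin,))]

def add_task(db: sqlite3.Connection, title: str) -> list:
    # Bound insert: whatever the title contains is stored verbatim.
    db.execute("INSERT INTO tasks (title) VALUES (?)", (title,))
    return [row[0] for row in db.execute("SELECT title FROM tasks")]

if __name__ == "__main__":
    db = make_db()
    quote_free = "2 union select name from ssn"  # shape of the quoted statement
    print("concatenated:", lookup_concat(db, quote_free))
    print("bound:       ", lookup_bound(db, quote_free))
    print("tasks:       ", add_task(db, '";DROP TABLES tasks;--'))
```
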

If you want to learn about security vulnerabilities, I'd recommend taking a training course. For example, Troy Hunt's "Hack Yourself First" course - it's not free, but it will teach you a lot more than you'll learn on your own.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


