PHP Injections from MySQL


Good evening everyone. As part of exploring the vulnerabilities of my code, I decided to test a MySQL injection, first escaping the strings and right now without escaping them... It doesn’t seem to be working!

Here is my query:

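// Escapes the value for SQL and then HTML-encodes it.
public function e ($var)
{
  $escaped_info  = mysqli_real_escape_string($this->mysqli, $var);
  return htmlspecialchars($escaped_info, ENT_QUOTES, 'UTF-8');
}

// Runs a LIKE search. $table, $column and $id are interpolated into the
// SQL string as-is (no escaping, which is the case being tested here).
public function selectionQueryLike($table, $id, $column)
{
  // All three arguments must be present (the original used ||).
  if(!empty($table) && !empty($id) && !empty($column))
  {
    $sql = "SELECT * FROM $table WHERE $column LIKE '%{$id}%'";
    return $this->mysqli->query($sql);
  }
}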

And here I am calling the method:

<?php
  if(isset($_POST['st_process']) === true && empty($_POST['st_process']) === false){
    include("../Query-core.php");
    include('../db.php');

    $authentication = new DBRequest($host = 'localhost',
                                    $user = 'root',
                                    $pass = '',
                                    $db = 'contas');

    $selectedstudents = $authentication->selectionQueryLike("alunos", $_POST['st_process'], "student_process");

    if(mysqli_num_rows($selectedstudents) > 0){
      echo "<table><tr><th>Nome</th><th>NºProcesso</th><th>ID</th></tr>";

      while($row =  $selectedstudents->fetch_assoc()){
        echo "<tr>";
        echo "<td><a href='#'>" . $row["student_name"] . "</a></td>";
        echo "<td>" . $row["student_process"] . "</td>";
        echo "<td>" . $row["student_ID"] . "</td>";
        echo "</tr>";
      }
      echo "</table>";
    }   
  }
?>


If I understand correctly, my query should be valid and end up like this:

Select * FROM alunos WHERE student_process = '%';--"

  • The idea is to comment out what comes after with #, since it is MySQL and not SQL. You would have to enter something like %'; drop table users;#

  • Thank you Isac! :=)

No answers
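
A hardened counterpart to `selectionQueryLike()` and the output loop from the question, as an added example that is not part of the original post: identifiers are checked against an allow-list, the search term is bound through a prepared statement with LIKE wildcards escaped, and HTML encoding happens only at output. The function names, the allow-list contents and the `!` escape character are assumptions of this example.

```php
<?php
declare(strict_types=1);
// Added example, not the asker's code. Function names, the allow-list
// contents and the '!' escape character are assumptions of this example.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors throw

// Identifiers cannot be bound as parameters, so they are validated against
// a fixed allow-list instead of being interpolated from caller input.
const ALLOWED_COLUMNS = ['alunos' => ['student_process', 'student_name']];

// Escape the LIKE wildcards % and _ (and the escape character itself) so
// the search term is matched literally. strtr() replaces in a single pass.
function escapeLike(string $term): string
{
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

function selectionQueryLikeSafe(mysqli $db, string $table, string $column, string $term): array
{
    $columns = ALLOWED_COLUMNS[$table] ?? [];
    if (!in_array($column, $columns, true)) {
        throw new InvalidArgumentException('table or column not allowed');
    }
    // Only allow-listed identifiers reach the SQL text; the value is bound.
    $stmt = $db->prepare("SELECT * FROM `$table` WHERE `$column` LIKE ? ESCAPE '!'");
    $pattern = '%' . escapeLike($term) . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs mysqlnd
}

// HTML-encode at output time, separately from anything SQL-related.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

function renderRows(array $rows): string
{
    $html = '<table><tr><th>Nome</th><th>NºProcesso</th><th>ID</th></tr>';
    foreach ($rows as $row) {
        $html .= '<tr><td>' . h($row['student_name']) . '</td><td>'
            . h($row['student_process']) . '</td><td>'
            . h($row['student_ID']) . '</td></tr>';
    }
    return $html . '</table>';
}
```

With an open `mysqli` connection in `$db`, the page from the question would call `echo renderRows(selectionQueryLikeSafe($db, 'alunos', 'student_process', $_POST['st_process']));`.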
