I have been strugggling to make my username and password case sensitive:
$sql = "SELECT * FROM user WHERE username='" . $_POST['username'] . "' AND password='$password'
AND "."usertype = '" . $_POST['usertype'] ."'";[/syntax]
Case sensitive username and password
Moderator: General Moderators
-
edmund9990
- Forum Newbie
- Posts: 1
- Joined: Wed Dec 26, 2007 3:45 pm
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact:
Code: Select all
yourpage.php?username=bob";drop%20*%20from%20user;&you=screwedYour default collation is case insensitive. Compare:
@Kieran Huggins:
Lol @ &you=screwed
The attack generally won't work on MySQL (may work on other DBs though) , but yeah, edmund9990, you definitely need to read up on SQL injection. Check the "Security Resources" post if you don't know where to start.
Code: Select all
mysql> select 'a' = 'A' collate 'utf8_general_ci';
+-------------------------------------+
| 'a' = 'A' collate 'utf8_general_ci' |
+-------------------------------------+
| 1 |
+-------------------------------------+
1 row in set (0.00 sec)
mysql> select 'a' = 'A' collate 'utf8_bin';
+------------------------------+
| 'a' = 'A' collate 'utf8_bin' |
+------------------------------+
| 0 |
+------------------------------+
1 row in set (0.00 sec)Lol @ &you=screwed
The attack generally won't work on MySQL (may work on other DBs though) , but yeah, edmund9990, you definitely need to read up on SQL injection. Check the "Security Resources" post if you don't know where to start.
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact:
Re: Case sensitive username and password
Bobby Tables got expelled due to the mishap related to his name 
But seriously, the execution of the query stops on the first semicolon with the mysql_ family of functions.
But seriously, the execution of the query stops on the first semicolon with the mysql_ family of functions.
Re: Case sensitive username and password
Injecting semicolons is just one kind of SQL injection (for the lazies, hehe)
With MySQL in this situation, you can still carry out read-only attacks against arbitrary columns in any table the current MySQL has access to. It's generally pretty severe, even though you can't delete/insert records. (Usually an attacker in such situation will compromise the admin account, and then will try to use/exploit the capabilities of the administrative interface, it depends on the application being ... errr ... pen-tested)
With MySQL in this situation, you can still carry out read-only attacks against arbitrary columns in any table the current MySQL has access to. It's generally pretty severe, even though you can't delete/insert records. (Usually an attacker in such situation will compromise the admin account, and then will try to use/exploit the capabilities of the administrative interface, it depends on the application being ... errr ... pen-tested)