Can someone explain WHY SQL injection works?

General technological topics without their own forum go here

Re: Can someone explain WHY SQL injection works?

Post by msbachman on Mon Jul 26, 2010 7:39 pm
([msg=42794]see Re: Can someone explain WHY SQL injection works?[/msg])

I made a quick little console app with a password that would display two outcomes: Welcome or Get out. After completing application mission 3, I tried to bypass the password in my console app and well...it was as easy as looking through the hex...Hopefully I'll learn some ways on how to make code more secure


Here's something that I coded up :

Code: Select all

#include <stdio.h>


int main()
{
char arr[50];

scanf("%s", arr);

char password[]="moonbeam";

if(!strcmp(arr, password))
printf("\nwelcome");
else
printf("\nget out\n");

}


I'm confused, are you claiming to inject something into this even? I don't see how this is possible. I might be wrong, however, show me what you're doing to get past this (if this is even applicable to C++, I don't know shit about C++, only as much of it can be applied directly in C).
"I'm going to get into your sister. I'm going to get my hands on your daughter."
~Gatito
User avatar
msbachman
Contributor
Contributor
 
Posts: 681
Joined: Mon Jan 12, 2009 10:22 pm
Location: In the sky lol
Blog: View Blog (0)


Re: Can someone explain WHY SQL injection works?

Post by sanddbox on Mon Jul 26, 2010 8:50 pm
([msg=42797]see Re: Can someone explain WHY SQL injection works?[/msg])

msbachman wrote:
I made a quick little console app with a password that would display two outcomes: Welcome or Get out. After completing application mission 3, I tried to bypass the password in my console app and well...it was as easy as looking through the hex...Hopefully I'll learn some ways on how to make code more secure


Here's something that I coded up :

Code: Select all

#include <stdio.h>


int main()
{
char arr[50];

scanf("%s", arr);

char password[]="moonbeam";

if(!strcmp(arr, password))
printf("\nwelcome");
else
printf("\nget out\n");

}


I'm confused, are you claiming to inject something into this even? I don't see how this is possible. I might be wrong, however, show me what you're doing to get past this (if this is even applicable to C++, I don't know shit about C++, only as much of it can be applied directly in C).


According to him, the password showed up when he hex edited it. I'm guessing he used a different language.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2344
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: Can someone explain WHY SQL injection works?

Post by msbachman on Mon Jul 26, 2010 8:52 pm
([msg=42798]see Re: Can someone explain WHY SQL injection works?[/msg])

:oops:

I don't know why I didn't think of that prior to writing it. I was sure there was a way to inject C input that I was ignorant of. Lol.

Sure enough,

Code: Select all
èæþÿÿÇD$CmoonÇD$GbeamÆD$K
"I'm going to get into your sister. I'm going to get my hands on your daughter."
~Gatito
User avatar
msbachman
Contributor
Contributor
 
Posts: 681
Joined: Mon Jan 12, 2009 10:22 pm
Location: In the sky lol
Blog: View Blog (0)


Re: Can someone explain WHY SQL injection works?

Post by HyperShadow243 on Mon Jul 26, 2010 9:05 pm
([msg=42799]see Re: Can someone explain WHY SQL injection works?[/msg])

Yea I used hex edit and it was C++. I used notepad++ with the hex edit plugin and yep my results were similar to yours :)
HyperShadow243
New User
New User
 
Posts: 7
Joined: Sat Jul 24, 2010 1:21 pm
Blog: View Blog (0)


Re: Can someone explain WHY SQL injection works?

Post by tremor77 on Tue Jul 27, 2010 9:22 am
([msg=42823]see Re: Can someone explain WHY SQL injection works?[/msg])

notepad++ hex editor plugin! - what what.. ffs man i wish i knew about that sooner... downloading ASAP.
User avatar
tremor77
Addict
Addict
 
Posts: 1098
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: Can someone explain WHY SQL injection works?

Post by HyperShadow243 on Tue Jul 27, 2010 9:55 am
([msg=42827]see Re: Can someone explain WHY SQL injection works?[/msg])

lol I learned about it from the forums while trying to do the app missions ;)
HyperShadow243
New User
New User
 
Posts: 7
Joined: Sat Jul 24, 2010 1:21 pm
Blog: View Blog (0)


Previous

Return to General

Who is online

Users browsing this forum: No registered users and 0 guests