Re: Can someone explain WHY SQL injection works?

Posted: Mon Jul 26, 2010 7:39 pm
by msbachman
I made a quick little console app with a password that would display two outcomes: Welcome or Get out. After completing application mission 3, I tried to bypass the password in my console app and well...it was as easy as looking through the hex...Hopefully I'll learn some ways on how to make code more secure


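Here's something that I coded up:

Code:

#include <stdio.h>
#include <string.h>   /* strcmp() */

int main(void)
{
    char arr[50] = "";

    /* Bound the read to the buffer: 49 characters plus the terminating NUL. */
    scanf("%49s", arr);

    /* This literal is compiled into the executable as plain bytes. */
    char password[] = "moonbeam";

    if (!strcmp(arr, password))
        printf("\nwelcome");
    else
        printf("\nget out\n");

    return 0;
}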


I'm confused, are you claiming to inject something into this even? I don't see how this is possible. I might be wrong, however, show me what you're doing to get past this (if this is even applicable to C++, I don't know shit about C++, only as much of it can be applied directly in C).

Re: Can someone explain WHY SQL injection works?

Posted: Mon Jul 26, 2010 8:50 pm
by sanddbox
msbachman wrote:
I made a quick little console app with a password that would display two outcomes: Welcome or Get out. After completing application mission 3, I tried to bypass the password in my console app and well...it was as easy as looking through the hex...Hopefully I'll learn some ways on how to make code more secure


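Here's something that I coded up:

Code:

#include <stdio.h>
#include <string.h>   /* strcmp() */

int main(void)
{
    char arr[50] = "";

    /* Bound the read to the buffer: 49 characters plus the terminating NUL. */
    scanf("%49s", arr);

    /* This literal is compiled into the executable as plain bytes. */
    char password[] = "moonbeam";

    if (!strcmp(arr, password))
        printf("\nwelcome");
    else
        printf("\nget out\n");

    return 0;
}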


I'm confused, are you claiming to inject something into this even? I don't see how this is possible. I might be wrong, however, show me what you're doing to get past this (if this is even applicable to C++, I don't know shit about C++, only as much of it can be applied directly in C).


According to him, the password showed up when he hex edited it. I'm guessing he used a different language.

Re: Can someone explain WHY SQL injection works?

Posted: Mon Jul 26, 2010 8:52 pm
by msbachman
:oops:

I don't know why I didn't think of that prior to writing it. I was sure there was a way to inject C input that I was ignorant of. Lol.

Sure enough,

Code:
èæþÿÿÇD$CmoonÇD$GbeamÆD$K
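
What the pasted bytes show, as an added example that is not part of the thread: read as 32-bit x86 (an assumption), the compiler stored the literal as two 4-byte immediates inside `mov` instructions, so the password is readable in a hex editor even though a search for the whole string finds nothing. The byte array is constructed from the dump above, and `find_bytes` and `leaked_fragments` are hypothetical helper names for a check you could run on your own build.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample modelled on the bytes pasted in the post above;
   the final 0x00 (the string terminator) is an assumption. */
const unsigned char sample[] = {
    0xE8, 0xE6, 0xFE, 0xFF, 0xFF,
    0xC7, 0x44, 0x24, 0x43, 'm', 'o', 'o', 'n',  /* mov dword [esp+0x43], "moon" */
    0xC7, 0x44, 0x24, 0x47, 'b', 'e', 'a', 'm',  /* mov dword [esp+0x47], "beam" */
    0xC6, 0x44, 0x24, 0x4B, 0x00                 /* mov byte  [esp+0x4b], 0      */
};

/* Offset of needle in buf, or -1 if absent. */
long find_bytes(const unsigned char *buf, size_t len,
                const char *needle, size_t nlen)
{
    if (nlen == 0 || nlen > len)
        return -1;
    for (size_t i = 0; i + nlen <= len; i++)
        if (memcmp(buf + i, needle, nlen) == 0)
            return (long)i;
    return -1;
}

/* Number of frag-byte windows of secret that occur anywhere in buf. */
size_t leaked_fragments(const unsigned char *buf, size_t len,
                        const char *secret, size_t frag)
{
    size_t slen = strlen(secret), hits = 0;
    if (frag == 0 || frag > slen)
        return 0;
    for (size_t i = 0; i + frag <= slen; i++)
        if (find_bytes(buf, len, secret + i, frag) >= 0)
            hits++;
    return hits;
}

int main(void)
{
    const char *secret = "moonbeam";
    /* The whole literal is not contiguous: opcode bytes sit between the halves. */
    printf("whole string found: %s\n",
           find_bytes(sample, sizeof sample, secret, strlen(secret)) >= 0 ? "yes" : "no");
    /* Four-byte windows still match, so the secret is recoverable from the file. */
    printf("4-byte fragments found: %zu\n",
           leaked_fragments(sample, sizeof sample, secret, 4));
    return 0;
}
```

A build check that only searches for the complete secret would pass this binary, which is why the comparison value should not be stored in the executable in the first place.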

Re: Can someone explain WHY SQL injection works?

Posted: Mon Jul 26, 2010 9:05 pm
by HyperShadow243
Yea I used hex edit and it was C++. I used notepad++ with the hex edit plugin and yep my results were similar to yours :)

Re: Can someone explain WHY SQL injection works?

Posted: Tue Jul 27, 2010 9:22 am
by tremor77
notepad++ hex editor plugin! - what what.. ffs man i wish i knew about that sooner... downloading ASAP.

Re: Can someone explain WHY SQL injection works?

Posted: Tue Jul 27, 2010 9:55 am
by HyperShadow243
lol I learned about it from the forums while trying to do the app missions ;)