kevhoz/Simple-sql-injection-test
Simple SQL Injection Testing

### 🛠️ Languages and Tools:
PHP 

👩‍💻 This repository covers:

  1. Preparing the environment.
  2. A simple case of SQL injection testing.

Prepare The Environment

What we need is:

PHP & MYSQL

  • You can install PHP & MySQL from XAMPP (apachefriends.org)
  • Both services need to be running for this test

Get Development Folder Ready:

  • Create a folder "sql-injection" inside your web server's document root (for XAMPP, that is htdocs)
  • Go inside the folder and create 2 files ("index.php" and "secure_login.php"), giving this structure:
-sql-injection
--index.php
--secure_login.php
  • Open "index.php" and write this code:

    (image: index.php code)

  • Open "secure_login.php" and write this code:

    (image: secure_login.php code)

  • Next, open phpMyAdmin to create the database, following these steps:

    1. Create database "testdb"
    2. Create table "users"
    3. Create field:
      • id INT AUTO_INCREMENT PRIMARY KEY
      • username VARCHAR(50) NOT NULL
      • password VARCHAR(50) NOT NULL
    4. Then insert one row into the table with username "admin" and password "admin123"
  • Or, you can run this SQL script instead:

    (image: SQL script)

Use case admin login: SQL Injection

  • Let's walk through the SQL injection case:

  • Unsafe code (index.php):

  • Open the page at "localhost/sql-injection"; it will look like this:

(image: login page)

  • Test for login success:
    1. Enter "admin" in the username field
    2. Enter "admin123" in the password field
    3. Click submit!
    4. It will show "login success"

(image: login success)

  • Test for login failed:
    1. Enter any other value in the username and password fields
    2. Click submit!
    3. It will show "login failed"

(image: login failed)

  • Test for SQL injection:

    1. Enter this value in the username field:
    admin' OR '1'='1
    
    2. Leave the password field empty
    3. Click submit!
    4. See the result
  • Test the same SQL injection against the secure login (localhost/sql-injection/secure_login.php)

    1. Enter this value in the username field:
    admin' OR '1'='1
    
    2. Leave the password field empty
    3. Click submit!
    4. See the result
  • Compare the two results and consider why the second version is secure.

  • SQL injection case: done
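The screenshots above carry the repository's actual index.php and secure_login.php, so the code below is an added example rather than the repository's own files. It puts the unsafe login and the prepared-statement login side by side in one file so the two behaviours can be compared with the same form. It assumes the README's XAMPP defaults (MySQL on localhost, user "root" with an empty password) and the "testdb" database with the "users" table and the admin/admin123 row created above; the `?mode=secure` query switch and the function names are this example's own choices.

```php
<?php
// Added example, not the repository's index.php / secure_login.php.
// Assumed: XAMPP defaults (localhost, root, empty password) and the README's
// testdb.users table containing the row admin / admin123.
$conn = new mysqli('localhost', 'root', '', 'testdb');
if ($conn->connect_error) {
    die('Connection failed: ' . $conn->connect_error);
}

// UNSAFE (the index.php pattern): user input is pasted straight into the SQL
// text. With the README's payload  admin' OR '1'='1  and an empty password the
// WHERE clause becomes
//   username='admin' OR '1'='1' AND password=''
// AND binds tighter than OR, so this is username='admin' OR (TRUE AND password=''),
// and the admin row matches without the password being known.
function insecure_login(mysqli $conn, string $username, string $password): bool
{
    $sql = "SELECT id FROM users WHERE username='$username' AND password='$password'";
    $result = $conn->query($sql);
    return $result !== false && $result->num_rows > 0;
}

// SAFE (the secure_login.php pattern): a prepared statement sends the SQL and
// the values to MySQL separately, so the quote in the input is only data. The
// same payload now looks for a user literally named "admin' OR '1'='1" and
// nothing matches, so the result is "login failed".
function secure_login(mysqli $conn, string $username, string $password): bool
{
    $stmt = $conn->prepare('SELECT id FROM users WHERE username=? AND password=?');
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    $stmt->store_result();          // no mysqlnd dependency, unlike get_result()
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}

// Minimal handler: POST the form to this file; add ?mode=secure to the URL to
// run the prepared-statement version against the same input.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    $ok = (($_GET['mode'] ?? '') === 'secure')
        ? secure_login($conn, $username, $password)
        : insecure_login($conn, $username, $password);
    echo $ok ? 'Login success' : 'Login failed';
}
$conn->close();
?>
<form method="post">
    <input type="text" name="username" placeholder="username">
    <input type="password" name="password" placeholder="password">
    <button type="submit">Submit</button>
</form>
```

Two things worth checking when you run it: the unsafe branch reports success for the payload because the OR short-circuits the password check, and the safe branch reports failure because the bound value never becomes part of the SQL grammar. The lab's schema stores the password in clear text to keep the comparison simple; outside the lab, store `password_hash()` output and compare with `password_verify()` rather than matching the password column in the query.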
