Example vulnerable site

example_site/index.php

@@ -0,0 +1,40 @@
+<?php
+
+error_reporting(E_ALL);
+
+$mysqlUsername = 'root';
+$mysqlPassword = '';
+$mysqlDatabase = 'orderby_injection';
+
+$connectResult = mysql_connect('localhost', $mysqlUsername, $mysqlPassword);
+if( !$connectResult ) die('Could not connect');
+$selectResult = mysql_select_db($mysqlDatabase);
+if( !$selectResult ) die('Could not select DB');
+
+$sql = 'SELECT *
+FROM `user`
+' . (!empty($_GET['order']) ? 'ORDER BY ' . $_GET['order'] : '');
+
+$result = mysql_query($sql);
+if( !$result ) die(mysql_error());
+?>
+<table border="1">
+  <thead>
+    <tr>
+      <th><a href="?order=id">id</a></th>
+      <th><a href="?order=username">username</a></th>
+    </tr>
+  </thead>
+  <tbody>
+<?php
+while( $row = mysql_fetch_assoc($result) ) {
+?>
+    <tr>
+      <td><?php echo $row['id']-1; ?></td>
+      <td><?php echo $row['username']; ?></td>
+    </tr>
+<?php
+}
+?>
+  </tbody>
+</table>

example_site/install.sql

@@ -0,0 +1,28 @@
+# To install, simply run: mysql < install.sql
+
+CREATE DATABASE `orderby_injection` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
+
+CREATE TABLE `orderby_injection`.`user` (
+`id` INTEGER( 11 ) NOT NULL AUTO_INCREMENT ,
+`username` VARCHAR( 15 ) NOT NULL ,
+PRIMARY KEY (id)
+) ENGINE = MYISAM ;
+
+INSERT INTO `orderby_injection`.`user` (
+`username`
+)
+VALUES (
+'admin'
+), (
+'ahfy'
+), (
+'guest'
+), (
+'eMole'
+), (
+'html'
+), (
+'moderator'
+), (
+'test'
+);

example_site/reinstall.sh

@@ -0,0 +1,2 @@
+mysql < ./uninstall.sql
+mysql < ./install.sql

example_site/uninstall.sql

@@ -0,0 +1 @@
+DROP DATABASE `orderby_injection`;