I have a site I want to do very basic SQL injection testing on (basically teach me)
<?php
if($_POST)
{
extract($_POST);
$q = "SELECT username FROM `users` WHERE username='$username' AND password='$password'";
}
?>
This code is in the page of a login form. Teach/show me how I can inject SQL into this, to change it to something like…
$q = "SELECT username from `users` WHERE username!=''";
or
$q = "SELECT username from `users` where username='bob'";
I know this is probably pretty basic, so lowest bid that can give me a working example, or show me how to do it will get the bid. If you are the first person to provide a working example in the PMB, I will select your bid.
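Added example, not part of the original post: the hardened counterpart of the login query above, showing why a fixed query with bound parameters cannot be rewritten by form input. It assumes PDO with an in-memory SQLite database standing in for the real server, and a hypothetical `password_hash` column; the accounts are constructed sample data.

```php
<?php
// Added example: hardened counterpart of the login query in the post.
// Assumptions (not from the original post): PDO with in-memory SQLite stands
// in for the real database, and users stores a password_hash() value in a
// hypothetical password_hash column.

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    // Constructed sample accounts.
    $ins->execute(['bob', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $ins->execute(["o'brien", password_hash('battery staple', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the username on a successful login, null otherwise.
function check_login(PDO $db, array $post): ?string
{
    // Read only the two expected fields instead of extract($_POST), which
    // lets a request overwrite any variable in scope.
    $username = $post['username'] ?? null;
    $password = $post['password'] ?? null;
    if (!is_string($username) || !is_string($password)) {
        return null; // rejects missing fields and array-valued parameters
    }

    // The SQL text is fixed; the value travels as a bound parameter, so quote
    // characters in it are data and cannot change the WHERE clause.
    $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against the stored hash in PHP rather than comparing in SQL.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['username'];
}

$db = make_demo_db();
var_dump(check_login($db, ['username' => 'bob', 'password' => 'correct horse']));      // valid credentials
var_dump(check_login($db, ['username' => "o'brien", 'password' => 'battery staple'])); // quote in a real name
var_dump(check_login($db, ['username' => "bob'", 'password' => 'x']));                 // stray quote, unknown user
var_dump(check_login($db, ['username' => ['bob'], 'password' => 'x']));                // array-valued field
```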