What is the risk of this injection? [duplicate]

-2

Personally, what risk would I run if someone wanted to perform an injection in this example:

$valorGet = $_GET["valor"];                                 // raw, unvalidated user input
$sql = "SELECT * FROM tabela WHERE caminho = '$valorGet'";  // value spliced directly into the SQL text

My question is, can the guy delete (DELETE) or insert (INSERT) something in my database? Or only run another kind of SELECT?

Is there a need to do anti-injection with PDO in this case to increase security?

asked by anonymous 02.09.2015 / 20:45

2 answers

1

There are N ways to insert data, delete, join tables, etc. in a simple query like this... Here is a classic and basic example that ignores the path:

$valorGet = "';DELETE FROM tabela WHERE 1=1;-- ";

$sql = "SELECT * FROM tabela WHERE caminho = '$valorGet'";

In this case the structure would receive:

$sql = "SELECT * FROM tabela WHERE caminho = 'the injected value goes here: (';INSERT INTO tabela VALUES ('1','2','3','4');-- )'";

Whose output would look something like this:

$sql = "SELECT * FROM tabela WHERE caminho = '';DELETE FROM tabela WHERE 1=1;--";

02.09.2015 / 20:54
3

Yes, there is a risk that someone will delete your entire database by exploiting this vulnerability. The solution does not necessarily go through PDO, but rather through prepared statements, which you can use with both PDO and mysqli. Note that it is not enough to change the connection driver to the database to solve the problem; you need to parameterize the query as explained in #.

02.09.2015 / 20:48
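The parameterized version of the question's query, as an added example that is not part of either answer: it keeps the vulnerable function from the question beside a PDO and a mysqli prepared-statement form, and assumes a MySQL database reachable through the placeholder credentials and the `tabela`/`caminho` names from the question.

```php
<?php
// Added example (not code from the question or the answers). Assumes a MySQL
// database reachable via the placeholder DSN below and a table `tabela`
// with a column `caminho`, as in the question.

// Vulnerable form from the question: the raw GET value is spliced into the SQL
// text, so a value such as "';DELETE FROM tabela WHERE 1=1;-- " rewrites the query.
function vulnerableQuery(string $valorGet): string
{
    return "SELECT * FROM tabela WHERE caminho = '$valorGet'";
}

// Hardened form with PDO: the SQL text is fixed and the value travels
// separately as a bound parameter, so it is only ever compared as data.
function buscarPorCaminhoPdo(PDO $pdo, string $valorGet): array
{
    $stmt = $pdo->prepare('SELECT * FROM tabela WHERE caminho = :caminho');
    $stmt->execute([':caminho' => $valorGet]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The same query with mysqli prepared statements: the driver differs, but the
// protection comes from parameterizing, not from the driver itself.
// (get_result() needs the mysqlnd driver, which is the default in modern PHP.)
function buscarPorCaminhoMysqli(mysqli $db, string $valorGet): array
{
    $stmt = $db->prepare('SELECT * FROM tabela WHERE caminho = ?');
    $stmt->bind_param('s', $valorGet);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

$valorGet = $_GET['valor'] ?? '';

$pdo = new PDO(
    'mysql:host=localhost;dbname=PLACEHOLDER_DB;charset=utf8mb4',  // placeholder DSN
    'PLACEHOLDER_USER',
    'PLACEHOLDER_PASS',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Use real server-side prepares so the value never enters the SQL text.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

$rows = buscarPorCaminhoPdo($pdo, $valorGet);
// With the injected value shown in the first answer, this simply returns the
// rows whose caminho equals that literal string (normally none); nothing is deleted.
```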