SQL Injection 06

This exercise is one of our challenges on SQL Injections

PRO Tier | Medium | < 1 Hr. | 8581


This example, first published in 2006 on Chris Shiflett's blog, illustrates a SQL injection vulnerability caused by the misuse of the `addslashes` function in conjunction with the GBK character set. `addslashes` works on raw bytes with no knowledge of the connection's character set, so when the database driver and the database do not agree on the charset, multibyte sequences are escaped incorrectly. As a result, a specially crafted string such as `\xBF'` (URL-encoded as `%bf%27`) is not escaped as intended, and an attacker can use it to inject SQL.

The lab walks you through a code review of a vulnerable application that uses session-based authentication. It highlights how `addslashes` is meant to escape single quotes but fails here because of the charset mismatch, specifically when the charset is switched with the `SET CHARACTER SET 'GBK';` SQL statement: that statement changes how the server interprets incoming bytes, while the escaping done on the application side is unaware of it. The scenario shows why the application and the database must agree on the charset to prevent this class of vulnerability.
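To make the byte-level mechanism concrete, the following Python script is an added example; it is not code from the lab or from Chris Shiflett's post. It imitates PHP's `addslashes` at the byte level (the `addslashes` function below is an assumption about its behaviour, not the PHP source), then decodes the escaped bytes the way a server would under a given charset and reports whether a single quote is left without a preceding backslash. The `escape_charset_aware` helper is a hypothetical stand-in for a charset-aware escape (the role `mysqli_real_escape_string` plays when the connection charset has been set through the client library); the sample input is the `\xBF'` byte pair from the text above, constructed inline.

```python
"""Added example: why a byte-oriented escape fails under GBK, and a charset-aware check."""


def addslashes(data: bytes) -> bytes:
    """Byte-level imitation of PHP addslashes(): prefix ' " \\ with a backslash,
    and turn a NUL byte into the two characters \\0. Assumption: this mirrors PHP
    closely enough for the demonstration; it is not the PHP implementation."""
    out = bytearray()
    for b in data:
        if b == 0x00:
            out += b"\\0"
        elif b in b"'\"\\":
            out.append(0x5C)  # backslash
            out.append(b)
        else:
            out.append(b)
    return bytes(out)


def quote_survives(escaped: bytes, charset: str) -> bool:
    """Decode the escaped bytes as a server using `charset` would and report
    whether any single quote is NOT preceded by a backslash character.
    True means the escaping was defeated for that charset."""
    text = escaped.decode(charset, errors="replace")
    for i, ch in enumerate(text):
        if ch == "'" and (i == 0 or text[i - 1] != "\\"):
            return True
    return False


def escape_charset_aware(data: bytes, charset: str) -> bytes:
    """Hypothetical charset-aware escape: decode first (rejecting malformed input
    with UnicodeDecodeError), escape at the character level, re-encode.
    This is what a client-library escape does once it knows the connection charset."""
    text = data.decode(charset)  # strict: malformed multibyte input is refused
    text = text.replace("\\", "\\\\").replace("'", "\\'")
    return text.encode(charset)


def demo() -> dict:
    """Run the comparison on the constructed sample from the lab description."""
    payload = b"\xbf'"  # constructed sample: the \xBF' byte pair (%bf%27)
    escaped = addslashes(payload)  # becomes \xbf \x5c \x27
    return {
        "escaped": escaped,
        # Under GBK, \xbf\x5c is consumed as ONE two-byte character, so the
        # quote that follows it is bare: the escape has been eaten.
        "bare_quote_under_gbk": quote_survives(escaped, "gbk"),
        # Under a single-byte charset the backslash still protects the quote.
        "bare_quote_under_latin1": quote_survives(escaped, "latin-1"),
    }


if __name__ == "__main__":
    result = demo()
    for key, value in result.items():
        print(f"{key}: {value!r}")
    try:
        escape_charset_aware(b"\xbf'", "gbk")
    except UnicodeDecodeError as exc:
        print(f"charset-aware escape refused the input: {exc.reason}")
```

The decisive line is `bare_quote_under_gbk`: the same three bytes that look safely escaped under a single-byte charset yield a bare quote once the server reads them as GBK. The charset-aware path refuses the malformed byte pair outright, which is the behaviour you get when the charset is set through the client library rather than with a raw `SET` statement; parameterised queries avoid the problem entirely because the values are never spliced into SQL text.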
