====== Ubuntu - ModSecurity - Testing SQL Injection ======

Before going ahead with configuring rules, we will create a PHP script which is vulnerable to SQL injection and try it out. Please note that this is just a basic PHP login script with no session handling. Be sure to change the MySQL password in the script below so that it will connect to the database:

Logged in

A Secret for you....

'; } else { ?>
Username:
Password:
This script will display a login form. Entering the right credentials will display the message "A Secret for you."

We need credentials in the database. Create a MySQL database and a table, then insert usernames and passwords.

<code bash>
mysql -u root -p
</code>

This will take you to the **mysql>** prompt.

<code sql>
create database sample;
connect sample;
create table users(username VARCHAR(100),password VARCHAR(100));
insert into users values('john','pwd');
insert into users values('alice','secret');
quit;
</code>

Open your browser, navigate to http://yourwebsite.com/login.php and enter the right pair of credentials.

<code>
Username: john
Password: pwd
</code>

You'll see a message that indicates successful login. Now come back and enter a wrong pair of credentials; you'll see the message **Invalid username or password**.

This confirms that the script works as intended. The next job is to try SQL injection to bypass the login page. Enter the following for the **username** field:

<code>
' or true -- 
</code>

**NOTE**: There should be a space after **--**; this injection won't work without that space, because MySQL treats **--** as the start of a comment only when it is followed by whitespace.

Leave the password field empty and hit the login button. Voila! The script shows the message meant for authenticated users.
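Why the **' or true -- ** input bypasses the login, and what a parameterized query does with the same input, shown as an added example that is not the page's PHP script. It assumes the script pastes the form fields into a query of the shape ''WHERE username='...' AND password='...''', and it uses Python with an in-memory SQLite database in place of PHP and MySQL so that it runs offline; the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Same table and rows as the MySQL setup on this page, in in-memory SQLite.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users(username VARCHAR(100), password VARCHAR(100))")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("john", "pwd"), ("alice", "secret")])
    return db

def build_query(username, password):
    # Assumed query shape: form input concatenated straight into the SQL text.
    return ("SELECT username FROM users WHERE username='" + username +
            "' AND password='" + password + "'")

def login_vulnerable(db, username, password):
    # Any returned row is treated as a successful login.
    return db.execute(build_query(username, password)).fetchone() is not None

def login_parameterized(db, username, password):
    # Placeholders bind the input as data, so quotes and "--" are never parsed as SQL.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    payload = "' or true -- "  # the username input from this page
    # The quote closes the string, "or true" matches every row, and "--"
    # comments out the password check that follows.
    print(build_query(payload, ""))
    for name, fn in [("vulnerable", login_vulnerable),
                     ("parameterized", login_parameterized)]:
        print(name,
              "valid:", fn(db, "john", "pwd"),
              "wrong password:", fn(db, "john", "wrong"),
              "injection:", fn(db, payload, ""))
```

In the PHP script the equivalent fix is a prepared statement with bound parameters (mysqli or PDO) in place of string concatenation.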