SQL injection on a search
Search performs its task by executing the following query (in a PHP script):
$var=stripslashes($_POST['search']);
$query = "SELECT username from lab1_login where username ='".$var."'";
The structure of the database table that is maintained by the webservice and on which this query runs is as follows:
mysql> desc lab1_login;
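+----------+--------------+------+-----+---------+----------------+
| Field    | Type         | Null | Key | Default | Extra          |
+----------+--------------+------+-----+---------+----------------+
| uid      | int(11)      | NO   | PRI |         | auto_increment |
| username | varchar(255) | YES  |     |         |                |
| password | varchar(255) | YES  |     |         |                |
+----------+--------------+------+-----+---------+----------------+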
Your task is to now perform a SQL Injection attack in the "Search for users" box such that it prints out all the usernames and passwords.
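
For comparison, the search query above next to a parameterized form, as an added example that is not part of the original lab: it shows why concatenated input can change the statement while bound input cannot. Assumptions: an in-memory SQLite database via PDO stands in for the lab's MySQL server, the rows are constructed sample data, and the function names search_concat and search_bound are hypothetical.

```php
<?php
// Added example: SQLite in memory stands in for the lab's MySQL server so the
// script runs offline. The rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE lab1_login (
    uid INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(255),
    password VARCHAR(255))");
$ins = $db->prepare("INSERT INTO lab1_login (username, password) VALUES (?, ?)");
foreach ([['alice', 'constructed-pw-1'], ["o'brien", 'constructed-pw-2']] as $row) {
    $ins->execute($row);
}

// The page's pattern: the input becomes part of the SQL text itself.
function search_concat(PDO $db, string $search): array {
    $var = stripslashes($search);
    $query = "SELECT username from lab1_login where username ='" . $var . "'";
    return $db->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed and the input is bound as a value.
function search_bound(PDO $db, string $search): array {
    $stmt = $db->prepare("SELECT username FROM lab1_login WHERE username = ?");
    $stmt->execute([$search]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// A legitimate name containing a quote is enough to show the difference.
$input = "o'brien";
try {
    search_concat($db, $input);
    echo "concat: query ran\n";
} catch (PDOException $e) {
    // The quote closed the string literal early, so the parser saw stray SQL.
    echo "concat: input altered the statement: ", $e->getMessage(), "\n";
}
// The bound query treats the same input purely as data and finds the row.
echo "bound:  ", json_encode(search_bound($db, $input)), "\n";
```

With the bound query, the shape of the statement is decided before the input is seen, so the search box can only ever supply a username to compare against.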