Bypassing a filter

Open hicach99 opened this issue 1 year ago • 0 comments

I'm having a problem bypassing a filter.

```php
function filter($input) {
    if(get_magic_quotes_gpc())
        $input= stripslashes($input);
    $input = mysql_real_escape_string($input);
    return $input;
}
```

So the filter uses stripslashes & mysql_real_escape_string, which makes it hard to inject.

```php
$id = $_GET['id'];
$id = filter($id);
$query = "select * from users where `id` = '$id' and 1=0 ;"; // for example
$result = mysql_query($query , $connection);
```

Is there a way to bypass it? Thanks in advance. 👍

hicach99, Dec 22 '23 21:12
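An added example, not part of the original issue or the repository: the lookup by `id` from the post written with a bound parameter and integer validation instead of an escaping filter (the `mysql_*` extension was removed in PHP 7 and `get_magic_quotes_gpc()` in PHP 8). `open_demo_db`, `find_user`, the table layout and the sample rows are hypothetical, and an in-memory SQLite database stands in for the MySQL connection so the script runs offline.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite replaces the MySQL connection from the post.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    // Constructed sample rows.
    $pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");
    return $pdo;
}

// Hypothetical helper: returns the matching row, or null when the id is
// malformed or unknown.
function find_user(PDO $pdo, string $rawId): ?array
{
    // `id` is numeric, so accept only a plain positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The value is sent separately from the SQL text, so no quoting or
    // escaping step is involved at all.
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = open_demo_db();

// Constructed inputs: a valid id, an unknown id, and two malformed values.
foreach (['1', '99', "1' or '1'='1", '2 ; --'] as $input) {
    $row = find_user($pdo, $input);
    printf("%-18s => %s\n", json_encode($input), $row ? $row['name'] : 'no match');
}
```

With a MySQL DSN, also set `PDO::ATTR_EMULATE_PREPARES` to `false` and declare the charset in the DSN so the server, not the client library, handles the parameter.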