I have some code like this which is open to SQL injection. We got hacked and now we fixed it. I just want to know what the inputs (username and password) must be in order to hack this code. I mean even if you input
username = something OR x = x
Then you can retrieve the password of the first user in the table regardless of the username. However, inside the if we check whether this password is correct. I am assuming the password was very easy (as easy as 123456) and the hacker made a brute-force from a dictionary. However I am wondering if there is another way to hack this code using some injection other than brute-forcing the password.
<?php
$username=$_POST[ username ];
$password=$_POST[ password ];
$result=runQuery("SELECT password FROM tbl_users WHERE username= ".$username." ");
$row=mysql_fetch_array($result);
if($row[ password ]==$password){
-- do sth... create a cookie etc..
}
else{
--go to another page...
}
?>
