I have some code like this which is open to SQL injection. We got hacked and now we fixed it. I just want to know what the inputs (username and password) must be in order to hack this code. I mean even if you input
username = something OR x = x
Then you can retrieve the password of the first user in the table regardless of the username. However, inside the `if` we check whether this password is correct. I am assuming the password was very easy (as easy as 123456) and the hacker brute-forced it from a dictionary. However, I am wondering if there is another way to hack this code using some injection other than brute-forcing the password.
```php
<?php
$username = $_POST['username'];
$password = $_POST['password'];

// The username is concatenated straight into the SQL string (the injection point).
$result = runQuery("SELECT password FROM tbl_users WHERE username='" . $username . "'");
$row = mysql_fetch_array($result);

// Plaintext password from the table compared with the submitted one.
if ($row['password'] == $password) {
    // do sth... create a cookie etc..
} else {
    // go to another page...
}
?>
```
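A hardened form of the same login, added here as an example (it is not the poster's code): the username is bound as a query parameter instead of being concatenated into the SQL, and the submitted password is checked with password_verify() against a stored password_hash() value rather than a plaintext `==` comparison. It assumes PDO, a `$pdo` connection built with placeholder credentials, and that tbl_users.password already holds hashes; the `mysql_*` functions used above were removed in PHP 7.

```php
<?php
// Added hardened version (not the original poster's code). Assumes PDO and that
// tbl_users.password stores password_hash() output, not plaintext passwords.

function authenticate(PDO $pdo, string $username, string $password): bool
{
    // Parameterised query: the username travels as bound data, never as SQL,
    // so "something OR x = x" is looked up literally as a username and matches nothing.
    $stmt = $pdo->prepare('SELECT password FROM tbl_users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        return false; // unknown user
    }

    // password_verify() does a constant-time comparison against the bcrypt/argon hash,
    // avoiding PHP's loose "==" string comparison; a leaked table no longer exposes passwords.
    return password_verify($password, $row['password']);
}

// Placeholder DSN and credentials (constructed for this example).
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepared statements
]);

session_start();

if (authenticate($pdo, $_POST['username'] ?? '', $_POST['password'] ?? '')) {
    session_regenerate_id(true);                 // fresh session id after login
    $_SESSION['user'] = $_POST['username'];      // server-side session instead of a hand-rolled cookie
} else {
    header('Location: /login.php?error=1');      // go to another page, as in the original
    exit;
}
```

When creating or updating accounts, store `password_hash($plain, PASSWORD_DEFAULT)` in tbl_users.password so that the verify step above has a hash to compare against.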