I have a login form and just to test I tried to fill in “select * from accounts where username = test” and then I pressed enter to see what happens. I got redirected to this page:
Should I be concerned about SQL injections? Or is this a normal response?
Edit: the PHP code for this particular case.
$sql = "SELECT * FROM accounts WHERE Useremail=?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql))
{
echo "There was an error whilst trying to connect to the database. Please re-submit your password reset request.";
exit();
}
else
{
mysqli_stmt_bind_param($stmt, "s", $userEmail);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if (!$row = mysqli_fetch_assoc($result))
{
header("Location: /reset-password.php?reset=fail");
exit();
}
}
Advertisement
Answer
403 is the standard http status code for an unauthorized request. It seems that at least in this one test, the site did the correct thing.
That doesn’t guarantee it’s free of SQL injection vulnerabilities. There’s an old saying:
“Testing shows the presence of bugs, not their absence.”
In other words, there might be another way to use SQL injection to exploit this site, just not the one you tested.
You should always be concerned about SQL injection vulnerabilities and seek to use safe programming techniques to prevent them.
P.S.: I hope you have permission to do penetration-testing on this site. Doing it without permission is a crime in some countries, for which people have been prosecuted. I recommend you avoid doing that kind of testing for vulnerabilities, unless it’s your own site, or you have been specifically hired to do that kind of testing by its owner.