Budget Listing

Enter your budget (no decimals - ex: 50):


'; echo ''; echo 'Category'; echo 'Best item price'; echo '';
if ($search == "") {
    echo '';
    echo 'Enter something in the search box';
    echo '';
    $query = "No query was executed because search is empty.";
}
// Execute query.
else {
    @mysql_select_db(DB_NAME);
    $result = @mysql_query($query);
    if (@mysql_num_rows($result) == 0) {
        echo '';
        echo 'No product match - Try with a higher budget.';
        echo '';
    } else {
        // Listing data in table.
        while ($row = @mysql_fetch_array($result)) {
            echo '';
            echo ''.$row[1].'';
            echo ''.$row[3].'';
            echo '';
        }
    }
}
echo '';
}
// Show debug boxes (MySQL error and Query generated).
include("../includes/debug.inc");
?>

Context

Page purpose
This page allows the customer to do a budget search. The listing on the left should be read as follows: "The best item you can buy under [budget entered in the textbox] costs [price]".

Goal
Try to find out the structure of the query and then list all the products in the database. Then you could try to recover data from other tables (complete SQL injection attack).

Parameter
The parameter for the SQL injection is supplied by the search field and is transferred to the PHP script via the POST method. You can try entering "RAM" in the search field; this generates a query that returns results.
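As an added example (not the training application's own code), this is how the same budget lookup could be written so that the POST parameter can never change the query structure: the input is validated as a whole number and passed through a mysqli prepared statement. The table and column names (`products`, `category`, `price`), the `DB_HOST`/`DB_USER`/`DB_PASS` constants and the exact SQL are assumptions for illustration; only `DB_NAME` and the `search` field come from the page.

```php
<?php
// Added hardened example, not the training app's code.
// Table/column names and the DB_* constants other than DB_NAME are assumptions.
declare(strict_types=1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function validate_budget(string $raw): ?int
{
    // The form asks for a plain whole number ("no decimals - ex: 50"),
    // so only that is accepted; anything else is rejected, never used in SQL.
    if (!preg_match('/^\d{1,9}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function best_items_under_budget(mysqli $db, int $budget): array
{
    // The budget is bound as a typed parameter, not concatenated into the
    // SQL text, so the statement structure is fixed before any input arrives.
    $stmt = $db->prepare(
        'SELECT category, MAX(price) AS best_price
           FROM products
          WHERE price <= ?
          GROUP BY category
          ORDER BY category'
    );
    $stmt->bind_param('i', $budget);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

$budget = validate_budget($_POST['search'] ?? '');
if ($budget === null) {
    echo 'Enter a whole-number budget, e.g. 50';
    exit;
}

$db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$rows = best_items_under_budget($db, $budget);
if ($rows === []) {
    echo 'No product match - Try with a higher budget.';
}
foreach ($rows as $row) {
    // The listing is rendered into HTML, so output is escaped as well.
    printf("%s: %s\n",
        htmlspecialchars($row['category'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars((string) $row['best_price'], ENT_QUOTES, 'UTF-8'));
}
```

Note that the debug include on the original page (which prints the MySQL error and the generated query) is deliberately absent here: exposing database errors to the client is what makes the query structure discoverable in the first place.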