A protocol is an agreed-upon way of talking between computers.
```http
GET /logon.php?username=hax0r&password=supersecret123 HTTP/1.1
Host: bitlair.nl
Cookie: PHPSESSID=f1a1d9715b3491bbc2d5203c88ac67fb
Referer: https://bitlair.nl/index.php?action=showloginform
User-Agent: Mozilla/5.0 >--snip--< Chrome/69.0.4453.96

>-- end of request --<
```
```http
POST /logon.php HTTP/1.1
Host: bitlair.nl
Cookie: PHPSESSID=f1a1d9715b3491bbc2d5203c88ac67fb
Referer: https://bitlair.nl/index.php?action=showloginform
User-Agent: Mozilla/5.0 >--snip--< Chrome/69.0.4453.96
Content-Type: application/x-www-form-urlencoded
Content-Length: 38

username=hax0r&password=supersecret123
>-- end of request --<
```

It helps to use the Network tab of the developer tools (press F12) to look at the network traffic.
Go to a random web page, right click on a background area, then click on "View page source".
Also available by pressing and holding Ctrl, then pressing U (Ctrl-U).
```html
<!doctype html>
<html>
  <head>
    <title>Example HTML website</title>
  </head>
  <body>
    <h1>Top level header</h1>
    <ul>
      <li><a href="http://www.google.nl">Google</a></li>
      <li><a href="https://bitlair.nl">Bitlair</a></li>
    </ul>
  </body>
</html>
```
```html
<form method="POST">
  <table>
    <tr>
      <td>Username:</td>
      <td><input type="text" name="username"></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input type="password" name="password"></td>
    </tr>
  </table>
  <input type="submit" value="Log me in">
</form>
```

Try changing the method from POST to GET on the "Play around with HTML forms" slide, then submit and see what happens.
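```html
<input type="text" id="username">
<input type="password" id="password">
<script type="text/javascript">
  // Finds the username HTML input field above and puts it in variable usernameInput
  var usernameInput = document.getElementById("username");
  // Finds the password HTML input field above and puts it in variable passwordInput
  var passwordInput = document.getElementById("password");

  // Compare what the user entered in username to the password input.
  if (usernameInput.value == passwordInput.value) {
    // Username and password are the same.
    // ...
  }
</script>
```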
SELECT fieldname1, fieldname2 FROM tablename WHERE condition
```sql
SELECT password        # Password field
FROM users             # Users table
WHERE id=1 OR id=2     # User ID 1 or 2
ORDER BY id ASC        # Sort by id, ascending
LIMIT 2                # Show only two records
;                      # End of query
```
userid | username | password | email |
---|---|---|---|
1 | synnack | Supersecret123! | synnack@example.com |
2 | admin | Adm1ns3cr3t! | admin@example.com |
Use SELECT userid, username, password, email FROM users WHERE userid='1'
* Note: It is bad to store plaintext passwords; use a password-based key derivation function like PBKDF2 or bcrypt.
id | page |
---|---|
1 | AMERSFOORT Today we witnessed a... |
2 | AMSTERDAM It was an historic even... |
3 | Unpublished - Top secret files leaked... |
SELECT userid, password FROM users WHERE username='$USERNAME'
SELECT userid, password FROM users WHERE username='' OR 1=1 # '
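The defensive side of the two points above (the injected query and the note about plaintext passwords), as an added example that is not part of the original slides. It uses Python's `sqlite3` and `hashlib` as a stand-in for the site's PHP/MySQL code; the `salt` column, the `ITERATIONS` value and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def build_query_unsafe(username):
    # The vulnerable pattern from the slide: input is pasted into the SQL text.
    return "SELECT userid, password FROM users WHERE username='" + username + "'"


def make_db():
    # Constructed sample data modelled on the users table above (hypothetical schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT,"
                 " salt BLOB, password BLOB)")
    for userid, name, pw in [(1, "synnack", "Supersecret123!"),
                             (2, "admin", "Adm1ns3cr3t!")]:
        salt = os.urandom(16)  # per-user random salt
        conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                     (userid, name, salt, hash_password(pw, salt)))
    return conn


def login(conn, username, password):
    # The ? placeholder passes username as data; it cannot alter the query text.
    row = conn.execute(
        "SELECT userid, salt, password FROM users WHERE username=?", (username,)).fetchone()
    if row is None:
        return None
    userid, salt, stored = row
    ok = hmac.compare_digest(stored, hash_password(password, salt))
    return userid if ok else None


if __name__ == "__main__":
    db = make_db()
    print(build_query_unsafe("' OR 1=1 # "))   # reproduces the injected query above
    print(login(db, "' OR 1=1 # ", "x"))        # None: treated as a literal username
    print(login(db, "admin", "Adm1ns3cr3t!"))   # 2: valid login
```

With the placeholder, the quote and `#` characters are compared against stored usernames as plain text, and a stolen copy of the table yields only salted PBKDF2 hashes instead of passwords.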