SQL (?) injection
Many embedded apps don't use a SQL db
- SQLite, a file-based db, is being used more
- Depending on how data is stored, similar techniques could be used
Abuses SQL queries with crafted data from form variables:
- SELECT id FROM users WHERE name='$name' AND pass='$pass'
- if $pass is: ' OR 1=1 --
- query becomes:
- SELECT id FROM users WHERE name='$name' AND pass='' OR 1=1 --'
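The query above, run against an in-memory SQLite db, next to the same query with bound parameters. This is an added example, not code from the original slides; the table contents, the function names and the plaintext password column are assumptions made only to mirror the slide's query.

```python
import sqlite3


def make_db():
    """Build an in-memory SQLite db holding two constructed user rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)")
    # Constructed sample data; plaintext passwords only to match the slide's query.
    db.executemany(
        "INSERT INTO users (name, pass) VALUES (?, ?)",
        [("admin", "s3cret"), ("o'brien", "pw")],
    )
    return db


def login_vulnerable(db, name, password):
    """Query built by string interpolation, as on the slide."""
    query = f"SELECT id FROM users WHERE name='{name}' AND pass='{password}'"
    return db.execute(query).fetchall()


def login_parameterized(db, name, password):
    """Same query with bound parameters: input is passed as data, never as SQL text."""
    query = "SELECT id FROM users WHERE name=? AND pass=?"
    return db.execute(query, (name, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR 1=1 --"  # the $pass value from the slide
    for login in (login_vulnerable, login_parameterized):
        print(login.__name__)
        print("  correct password:", login(db, "admin", "s3cret"))
        print("  wrong password:  ", login(db, "admin", "nope"))
        print("  crafted $pass:   ", login(db, "admin", crafted))
        try:
            # A legitimate name containing a quote also breaks the interpolated
            # query; such SQL syntax errors in logs are a useful detection signal.
            print("  name with quote: ", login(db, "o'brien", "pw"))
        except sqlite3.OperationalError as exc:
            print("  name with quote:  SQL error:", exc)
```

With the interpolated query the crafted value matches every row, because AND binds tighter than OR; with bound parameters it is compared as a literal password and matches nothing.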