SQL injection attacks
Posted Mar 30, 2006 19:10 UTC (Thu) by yodermk (subscriber, #3803)
Parent article: SQL injection attacks
Great article! However, given this:
SELECT id FROM users WHERE name='$name' AND pass='$pass';
the shown "modified" query:
SELECT id FROM users WHERE name='' OR 1=1 AND pass='' OR 1=1 LIMIT 1;
does not show the end quote (') after $name and $pass. Would it not translate to this:
SELECT id FROM users WHERE name='' OR 1=1' AND pass='' OR 1=1 LIMIT 1';
which would be an SQL error? Or am I missing something???
Posted Mar 30, 2006 19:54 UTC (Thu)
by jake (editor, #205)
> which would be an SQL error? Or am I missing something???
No, nice catch.
$user = "' OR 1=1 OR name='";
should do the trick ...
jake
> SELECT id FROM users WHERE name='' OR 1=1' AND pass='' OR 1=1 LIMIT 1';
$pass = "' OR 1=1 LIMIT 1 --";
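The quote-balancing question in this thread can be checked by running both sets of values through the interpolated query, next to a parameterized version of the same lookup. This is an added example, not code from the article or the commenters. It assumes SQLite (the thread names no database), a constructed users table, and that the reply's $user fills the template's $name slot. The "article" values are inferred from the modified query quoted above.

```python
import sqlite3

# Query template from the thread; PHP-style interpolation is reproduced
# with Python string formatting (deliberately unsafe).
TEMPLATE = "SELECT id FROM users WHERE name='{name}' AND pass='{passwd}';"

def make_db():
    # Constructed sample data, not from the article.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)")
    db.execute("INSERT INTO users (name, pass) VALUES ('alice', 's3cret')")
    return db

def login_interpolated(db, name, passwd):
    """Build the query by string interpolation, as in the thread."""
    sql = TEMPLATE.format(name=name, passwd=passwd)
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.OperationalError as exc:
        return sql, f"error: {exc}"
    return sql, row

def login_parameterized(db, name, passwd):
    """Bound parameters: the values are never parsed as SQL text."""
    return db.execute(
        "SELECT id FROM users WHERE name=? AND pass=?", (name, passwd)
    ).fetchone()

# Values implied by the article's "modified" query (inferred, see lead-in).
ARTICLE = ("' OR 1=1", "' OR 1=1 LIMIT 1")
# Values given in the replies in this thread.
CORRECTED = ("' OR 1=1 OR name='", "' OR 1=1 LIMIT 1 --")

if __name__ == "__main__":
    db = make_db()
    for label, (n, p) in (("article", ARTICLE), ("corrected", CORRECTED)):
        sql, result = login_interpolated(db, n, p)
        print(label, "->", sql)
        print("  interpolated: ", result)
        print("  parameterized:", login_parameterized(db, n, p))
```

With the template's closing quotes left in place, the article's values produce a syntax error, while the values from the replies balance the quotes and return a row. The parameterized lookup returns no row for either pair.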
