SQL injection attacks

Posted Mar 30, 2006 19:10 UTC (Thu) by yodermk (subscriber, #3803)
Parent article: SQL injection attacks

Great article! However, given this:

SELECT id FROM users WHERE name='$name' AND pass='$pass';

the shown "modified" query:

SELECT id FROM users WHERE name='' OR 1=1 AND pass='' OR 1=1 LIMIT 1;

does not show the end quote (') after $name and $pass. Would it not translate to this:

SELECT id FROM users WHERE name='' OR 1=1' AND pass='' OR 1=1 LIMIT 1';

which would be an SQL error? Or am I missing something???


SQL injection attacks

Posted Mar 30, 2006 19:54 UTC (Thu) by jake (editor, #205)

> SELECT id FROM users WHERE name='' OR 1=1' AND pass='' OR 1=1 LIMIT 1';

> which would be an SQL error? Or am I missing something???

No, nice catch.

$user = "' OR 1=1 OR name='";
$pass = "' OR 1=1 LIMIT 1 --";

should do the trick ...

jake
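
The quoting question in this thread can be checked mechanically. The following is an added example, not code from the article or from either commenter: it pastes the inputs that reproduce the two queries above into the interpolated query, then passes the same inputs as bound parameters. It assumes Python's sqlite3 module as a stand-in database and a constructed one-row users table; other engines may parse the trailing comment differently.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)")
    db.execute("INSERT INTO users (name, pass) VALUES ('alice', 's3cret')")
    return db

def login_interpolated(db, name, pw):
    # Vulnerable pattern from the thread: input is pasted between the quotes.
    sql = f"SELECT id FROM users WHERE name='{name}' AND pass='{pw}';"
    try:
        return sql, db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return sql, f"error: {exc}"

def login_bound(db, name, pw):
    # Hardened form: placeholders keep the input out of the SQL text entirely,
    # so quote characters in it are compared as data, never parsed as syntax.
    sql = "SELECT id FROM users WHERE name=? AND pass=?"
    return db.execute(sql, (name, pw)).fetchone()

# Inputs that reproduce the two queries discussed in the thread.
UNBALANCED = ("' OR 1=1", "' OR 1=1 LIMIT 1")
BALANCED = ("' OR 1=1 OR name='", "' OR 1=1 LIMIT 1 --")

if __name__ == "__main__":
    db = make_db()
    for label, (n, p) in (("unbalanced", UNBALANCED), ("balanced", BALANCED)):
        sql, result = login_interpolated(db, n, p)
        print(label, "interpolated:", sql, "->", result)
        print(label, "bound:", login_bound(db, n, p))
    print("valid login, bound:", login_bound(db, "alice", "s3cret"))
```

With bound parameters both inputs fail to log in, whether or not their quotes happen to balance, while the correct credentials still succeed.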