SQL Injection Incorrectly filtered special characters: escape - TopicsExpress



          

SQL Injection

Incorrectly filtered special characters: escape characters

This form of SQL injection occurs when the user manipulates the SQL statement using characters such as the single quote ('). For instance, consider that you need to enter a username and password while logging into your account. The SQL statement generated will be:

    "SELECT * FROM users WHERE password = '" + password + "';"

Now suppose the username and/or password entered is:

    ' or '1'='1

The SQL statement reaching the back end will then be:

    SELECT * FROM users WHERE password = '' or '1'='1';

Look closely at this statement. The database interprets it as: select everything from the table "users" where the password field equals '' or '1'='1'. During the authentication process this condition is always true, because 1 always equals 1. In this way the user is given unauthorized access.

Some important inputs used by hackers in SQL injection are:

a) ' or 'a'='a
b) ' or 1=1 --
c) ' or 1=1; --
d) '; select * from *; --
e) ' (single quote; here we look at the error)
f) '; drop table users --

On some SQL servers, such as MS SQL Server, any valid SQL command may be injected via this method, including the execution of multiple statements. The following value of "username" in the statement below would cause the deletion of the "users" table as well as the selection of all data from the "data" table (in essence revealing the information of every user):

    a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%
Posted on: Tue, 09 Jul 2013 09:57:13 +0000
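
The concatenated login query described in the post, beside a parameterized version of the same lookup, as an added example (not code from the original post). It uses Python's sqlite3 with an in-memory table; the schema, sample rows and function names are assumptions made for the illustration.

```python
import sqlite3

# Inputs quoted in the post above.
TAUTOLOGY = "' or '1'='1"
STACKED = "a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%"

def make_db():
    """In-memory users table; schema and rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret-A"), ("bob", "s3cret-B")])
    return db

def login_concatenated(db, password):
    """Vulnerable form from the post: input is pasted into the SQL text."""
    sql = "SELECT * FROM users WHERE password = '" + password + "';"
    return sql, db.execute(sql).fetchall()

def login_parameterized(db, password):
    """Hardened form: input is bound as a value and never parsed as SQL."""
    sql = "SELECT * FROM users WHERE password = ?"
    return sql, db.execute(sql, (password,)).fetchall()

def users_table_exists(db):
    """True while the users table is still present in the schema."""
    row = db.execute("SELECT count(*) FROM sqlite_master "
                     "WHERE type = 'table' AND name = 'users'").fetchone()
    return row[0] == 1

if __name__ == "__main__":
    db = make_db()
    sql, rows = login_concatenated(db, TAUTOLOGY)
    print("concatenated :", sql)
    print("  rows returned:", len(rows))        # every user matches
    for value in (TAUTOLOGY, STACKED, "s3cret-A"):
        _, rows = login_parameterized(db, value)
        print("parameterized:", repr(value), "->", rows)
    print("users table still exists:", users_table_exists(db))
```

Because the bound value is never parsed as SQL, the parameterized query does not depend on filtering or escaping quote characters.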

© 2015