The last condition in the query for id number is commented out. It may also be possible to comment end of a SQL query by appending ‘ - such that SELECT * FROM products WHERE month='sept' and id=1īecomes SELECT * FROM products WHERE month=’sept’ -‘ and id=1 PHP code: $id = $_GET $result= mysql_query(“SELECT * FROM products WHERE id=”.$id) $row = mysql_fetch_assoc($result) The beginning of a SQL query cannot be modified since that is generated by the PHP source code that runs on the server. Appending an odd number of single quotes cause error, while an even number of single quotes don't cause errors. When the webpage remains the same or isn’t found then this means it’s not vulnerable. In case some kind of an error message is shown, this indicates that the website is vulnerable. To test whether a website is vulnerable, a single quote ‘ can be added behind the webpage URL/product.php?id=1'generating an incorrect SQL query SELECT * FROM products WHERE id=1' Webpage URL appended with /product.php?id=1 generates a query like SELECT * FROM products WHERE id=1 Exploit the vulnerable webpage with SQL injection.Find a webpage vulnerable to SQL injections.SQL injection attack consist of two steps:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |