SQL Injection Tips, Part 2

SQL injection is probably the most common and easiest hacking technique out there. Now, don't think I condone it; I'm just trying to make you aware of some of the techniques used.

Let's say, for example, that the database behind a website runs a query that looks like the following:

SELECT * FROM Users WHERE Name ="Hannes" AND Pass ="MyPassword"

Entering the following into both the username field and the password field on the webpage

" or ""="

will change the above query to:

SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

This will return all rows from the Users table, because OR ""="" is always true.
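
The query above, built by string concatenation and then with bound parameters, so you can see why the second form is the fix. This is an added example, not code from the original post. It assumes Python's built-in sqlite3 module, constructed sample rows, and hypothetical function names; it uses single quotes as the string delimiter, so the input has the same shape as the one above with ' in place of ".

```python
import sqlite3

# Same input shape as on this page, written with single quotes.
PAYLOAD = "' or ''='"

def make_db():
    # Constructed sample data; table and column names follow the query above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Name TEXT, Pass TEXT)")
    db.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [("Hannes", "MyPassword"), ("Alice", "s3cret")],
    )
    return db

def login_concatenated(db, name, password):
    # Vulnerable: the input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = (
        "SELECT * FROM Users WHERE Name ='" + name
        + "' AND Pass ='" + password + "'"
    )
    return db.execute(sql).fetchall()

def login_parameterized(db, name, password):
    # Hardened: the SQL text is fixed and the input is bound as data, so
    # quotes in it are compared literally against Name and Pass.
    sql = "SELECT * FROM Users WHERE Name = ? AND Pass = ?"
    return db.execute(sql, (name, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for label, fn in (("concatenated", login_concatenated),
                      ("parameterized", login_parameterized)):
        good = fn(db, "Hannes", "MyPassword")
        bad = fn(db, PAYLOAD, PAYLOAD)
        print(f"{label}: valid login -> {len(good)} row(s), "
              f"quote input -> {len(bad)} row(s)")
```

With bound parameters the quote input matches no row, because it is looked up as a literal name and password instead of being parsed as part of the query.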
