pierre Posted October 18, 2016 Share Posted October 18, 2016 Hello, I would like to know the impact of the injection : string' /* For example in such a query : "select username,pass from users where username='$uname' and password='$passwrd' limit 0,1" "select username,pass from users where username='admin' /*' and password='$passwrd' limit 0,1" So we only look for the user admin, then we extent que quey by adding ' and finaly /* will bypass the end of the query ? Quote Link to comment Share on other sites More sharing options...
digininja Posted October 18, 2016 Share Posted October 18, 2016 /* is the start of a comment so it will comment out the rest of the query. It will work in MySQL, Oracle and MSSQL as far as I know http://dev.mysql.com/doc/refman/5.7/en/comments.html https://technet.microsoft.com/en-us/library/ms188621(v=sql.105).aspx In your example, only this should get executed by the server: select username,pass from users where username='admin' Quote Link to comment Share on other sites More sharing options...
pierre Posted October 18, 2016 Author Share Posted October 18, 2016 Ok thank I would think that only -- could comment out the rest of the query. Thank you :) Quote Link to comment Share on other sites More sharing options...
digininja Posted October 18, 2016 Share Posted October 18, 2016 Depends on the database type, #, -- and /* are all possibilities Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.