pierre Posted October 18, 2016 Posted October 18, 2016 Hello, I would like to know the impact of the injection : string' /* For example in such a query : "select username,pass from users where username='$uname' and password='$passwrd' limit 0,1" "select username,pass from users where username='admin' /*' and password='$passwrd' limit 0,1" So we only look for the user admin, then we extent que quey by adding ' and finaly /* will bypass the end of the query ? Quote
digininja Posted October 18, 2016 Posted October 18, 2016 /* is the start of a comment so it will comment out the rest of the query. It will work in MySQL, Oracle and MSSQL as far as I know http://dev.mysql.com/doc/refman/5.7/en/comments.html https://technet.microsoft.com/en-us/library/ms188621(v=sql.105).aspx In your example, only this should get executed by the server: select username,pass from users where username='admin' Quote
pierre Posted October 18, 2016 Author Posted October 18, 2016 Ok thank I would think that only -- could comment out the rest of the query. Thank you :) Quote
digininja Posted October 18, 2016 Posted October 18, 2016 Depends on the database type, #, -- and /* are all possibilities Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.