Update for 08-03-22 13:30
parent b4c9a68913
commit 1c573a3b52
@ -42,7 +42,29 @@ Attacker may construct physical things outside of the realm of web requests.
This includes QR codes, RFID tags, or paper forms scanned with optical
character recognition.
== Inband attacks ==
Inband attacks use the same communication channel for injecting SQL as for
retreiving it.
=== tautology ===
Consider the PHP code example
{{{
$query = "SELECT info FROM user WHERE name='$_GET["name"]' AND pwd='$_GET["pwd"]'"
}}}
If the attacker submits `" ' OR 1=1 --` for the `name` field, the resulting
query would be
`SELECT info FROM user WHERE name=' ' OR 1=1 --AND pwd='$_GET["pwd"]'`
This would disable the password check, and return all rows to the application.
=== Piggybacked queries ===
Attacker can send another query after the intended query, allowing them to
extract more information.
== Also see ==
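Review bot: In the tautology example the submitted value and the resulting query do not match. The payload is given as `" ' OR 1=1 --`, but the leading double quote never appears in the result, and the result `name=' ' OR 1=1 --AND pwd=...` drops the quote that originally closed the `name` value. It also shows no space after `--`, which MySQL, for instance, does not accept as a comment start. Suggest giving the payload as `' OR 1=1 -- ` (with the trailing space) and the result as `SELECT info FROM user WHERE name='' OR 1=1 -- ' AND pwd='...'`, so the reader sees exactly which part of the intended query is commented out. The PHP line is also not valid as written: array keys quoted with `"` inside a double-quoted string need the `{$_GET['name']}` form, and the statement lacks its closing `;`. In the Inband attacks paragraph, "retreiving" should be "retrieving", and "retrieving it" reads as retrieving the SQL rather than the query results. The "tautology" heading is lower-case while "Piggybacked queries" is capitalised. The piggybacked section stops at extracting more information; a sentence on what prevents both forms (bound parameters rather than string interpolation) would round the section off.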