Update for 08-03-22 13:30

Tyler Perkins 2022-03-08 13:30:01 -05:00
parent b4c9a68913
commit 1c573a3b52

@ -42,7 +42,29 @@ Attacker may construct physical things outside of the realm of web requests.
This includes QR codes, RFID tags, or paper forms scanned with optical
character recognition.
== Inband attacks ==
Inband attacks use the same communication channel for injecting SQL as for
retreiving it.
=== tautology ===
Consider the PHP code example
{{{
$query = "SELECT info FROM user WHERE name='$_GET["name"]' AND pwd='$_GET["pwd"]'"
}}}
If the attacker submits `" ' OR 1=1 --` for the `name` field, the resulting
query would be
`SELECT info FROM user WHERE name=' ' OR 1=1 --AND pwd='$_GET["pwd"]'`
This would disable the password check, and return all rows to the application.
=== Piggybacked queries ===
Attacker can send another query after the intended query, allowing them to
extract more information.
== Also see ==
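Review bot: the PHP line in the tautology example would not parse as written, because `$_GET["name"]` and `$_GET["pwd"]` use double-quoted keys inside a double-quoted string and the statement has no closing semicolon; write them as `{$_GET['name']}` and `{$_GET['pwd']}` and end the line with `;`. In the same section the submitted value is given as `" ' OR 1=1 --`, but the resulting query starts at `name=' ' OR 1=1 --`, so the leading `"` looks like a stray character, and the resulting query still carries the literal `$_GET["pwd"]` where a submitted value would be. Under Inband attacks, "retreiving it" should be spelled "retrieving", and "it" reads as if the SQL is being retrieved rather than the query results. Since the tautology text explains that the password check is disabled, a closing sentence pointing to parameterized queries as the fix for the quoted PHP line would round the section out.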