' OR 1=1--
But beginners will be asking, "How do I carry out an SQL injection?"
Do not worry, this blog will provide a simple step-by-step explanation.
When a programmer develops a web page, he will need to prepare an SQL query statement to be passed to the database for execution. This will typically be of the form
str = "Select * from User where username='" + name + "' and password='" + pass + "'"
The parameters name and pass are usually passed in from the web page. If this statement returns a row, the user is authenticated. If it returns nothing, the user most likely does not exist.
Now, what happens if you pass ' OR 1=1;-- into the name parameter?
The query string will be
Select * from User where username='' OR 1=1-- ' and password='pass'
What this statement means is that username is blank OR always true, since 1 always equals 1. The -- at the end is the SQL comment sequence: everything after it up to the end of the line is ignored by SQL. Therefore it does not really matter what you pass into the password field, as this statement will always return true. The attacker will be authenticated and allowed into the web application.
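To see the difference between the string-built query above and a query that binds its inputs, here is an added example (not code from the original post) using Python's sqlite3 against a constructed in-memory User table; the table contents, the function names and the password value are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demo: one user with a made-up password.
SAMPLE_USERS = [("alice", "s3cret")]


def make_db():
    """Create an in-memory User table matching the post's query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE User (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO User VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_concat_sql(name, pw):
    """The post's vulnerable construction: SQL text assembled from raw input."""
    return ("SELECT * FROM User WHERE username='" + name
            + "' AND password='" + pw + "'")


def login_concat(conn, name, pw):
    """Vulnerable login: input becomes part of the SQL grammar."""
    return conn.execute(build_concat_sql(name, pw)).fetchone() is not None


def login_param(conn, name, pw):
    """Hardened login: placeholders bind input as data, never as SQL."""
    sql = "SELECT * FROM User WHERE username=? AND password=?"
    return conn.execute(sql, (name, pw)).fetchone() is not None


def demo():
    """Run the same inputs through both versions and report who gets in."""
    conn = make_db()
    payload = "' OR 1=1--"  # the input discussed in the post
    return {
        "valid_concat": login_concat(conn, "alice", "s3cret"),
        "valid_param": login_param(conn, "alice", "s3cret"),
        "wrong_pw_concat": login_concat(conn, "alice", "wrong"),
        "inject_concat": login_concat(conn, payload, "anything"),
        "inject_param": login_param(conn, payload, "anything"),
    }


if __name__ == "__main__":
    print(build_concat_sql("' OR 1=1--", "anything"))
    print(demo())
```

Only the concatenated version lets the injected name through; the parameterised version treats the whole string as a username that does not exist.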
Stay tuned for part 2 on more advanced forms of SQL injection.