sec-pentesting-toolkit/Web_Exploits/SQLi
2014-11-19 12:04:17 -05:00
README.md fixin some readme 2014-11-19 12:04:17 -05:00
README.md~ fixin some readme 2014-11-19 12:04:17 -05:00
sqli_16_brute_force_password.py web apps and natas 2014-10-16 06:14:45 -04:00
sqli_18_timed_SQLi.py web apps and natas 2014-10-16 06:14:45 -04:00
sqli_COOKIE_brute.py hacklu ctf 2014-10-27 08:51:29 -04:00

SQL Injections

  • A SQL query built by concatenating user input is easy to manipulate, and the database treats whatever text it receives as a trusted command. An injected query is therefore executed with the application's own database privileges and passes its access-control checks unnoticed.
  • By bypassing the application's authentication and authorization checks in this way, an attacker can read, and often modify, sensitive information stored in the database.

Examples

  • A parameter passed as the name of a user is interpolated directly into the query:
SELECT * FROM users WHERE
name="$name";

In this case the attacker only needs to close the string and append an always-true condition such as 1=1, for example the value " OR 1=1 -- (the trailing comment discards the rest of the original query):

SELECT * FROM users WHERE name="" OR 1=1 -- ";

The WHERE clause is now true for every row, so the query returns the records of all users instead of the one that was looked up.
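The following is an added example (not code from this repository) that reproduces the tautology injection above against an in-memory SQLite table with a few constructed rows, and contrasts it with a parameterized query. The user names and password hashes are made up; single quotes are used instead of the README's double quotes because SQLite treats double-quoted text as an identifier, and the comment marker `-- ` is assumed to be honoured by the target database (true for SQLite, MySQL and PostgreSQL).

```python
import sqlite3

# Constructed sample data (not from the repo): three users with fake password hashes.
SAMPLE_USERS = [
    (1, "alice", "hash_a"),
    (2, "bob", "hash_b"),
    (3, "carol", "hash_c"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_vulnerable_query(name):
    """Mirror the README's pattern: the parameter is pasted straight into the SQL text.

    Single quotes are used here because SQLite reads "..." as an identifier.
    """
    return "SELECT * FROM users WHERE name='%s';" % name


def lookup_vulnerable(conn, name):
    """Run the concatenated query; any quote in `name` changes the SQL structure."""
    return conn.execute(build_vulnerable_query(name)).fetchall()


def lookup_safe(conn, name):
    """Parameterized form: the driver sends `name` as data, never as SQL text."""
    return conn.execute("SELECT * FROM users WHERE name=?;", (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Legitimate lookup: one row.
    print(lookup_vulnerable(db, "alice"))
    # Tautology payloads: the WHERE clause becomes always-true, so every row comes back.
    for payload in ("' OR 1=1 -- ", "' OR '1'='1"):
        print(build_vulnerable_query(payload))
        print(lookup_vulnerable(db, payload))
    # The same payload against the parameterized query matches no user at all.
    print(lookup_safe(db, "' OR 1=1 -- "))
```

Run it to see the query text the database actually receives for each payload; the parameterized version is the fix, since the payload is compared literally against the name column and matches nothing.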

The share of websites still affected by SQL injection is often estimated at a few percent, but the figure is hard to pin down and injection remains listed in the OWASP Top 10.