mirror of
https://github.com/autistic-symposium/sec-pentesting-toolkit.git
synced 2025-04-28 11:36:08 -04:00
25 lines
832 B
Markdown
25 lines
832 B
Markdown
# SQL Injections
|
|
|
|
* A SQL query search can be easily manipulated and assume that a SQL query search is a reliable command. This means that SQL searches are capable of passing, unnoticed, by access control mechanisms.
|
|
* Using methods of diverting standard authentication and by checking the authorization credentials, you can gain access to important information stored in a database.
|
|
|
|
## Examples
|
|
|
|
* A parameter passed for a name of a user:
|
|
|
|
```
|
|
SELECT * FROM users WHERE
|
|
name="$name";
|
|
```
|
|
|
|
In this case, the attacker just needs to introduce a true logical expression like ```1=1```:
|
|
|
|
```
|
|
SELECT * FROM users WHERE 1=1;
|
|
```
|
|
So that the **WHERE** clause is always executed, which means that it will return the values that match to all users.
|
|
|
|
Nowadays it is estimated that less than 5% of the websites have this vulnerability.
|
|
|
|
|