dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SQL Injection lesson 6 minor mistakes in examples #663

Browse Source
This commit is contained in:
Nanne Baars 2019-09-24 17:36:53 +02:00 committed by Nanne Baars
parent a0933d83d5
commit 96d11697d4
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content5_after.adoc
View File

@ -2,9 +2,9 @@
==== Here are some examples of what a hacker could supply to the input field to perform actions on the database that go further than just reading the data of a single user: ==== Here are some examples of what a hacker could supply to the input field to perform actions on the database that go further than just reading the data of a single user:
* `+Smith OR 1 = 1+` + * `+Smith OR '1' = '1+` +
results in `+"SELECT * FROM USERS WHERE NAME = 'Smith' OR TRUE;+` and that way will return all entries from the users table results in `+SELECT * FROM USERS WHERE NAME = 'Smith' OR TRUE;+` and that way will return all entries from the users table
* `+Smith OR 1 = 1; --+` + * `+Smith OR 1 = 1; --+` +
results in `+"SELECT * FROM USERS WHERE NAME = 'Smith' OR TRUE;--';+` and that way will return all entries from the users table results in `+SELECT * FROM USERS WHERE NAME = 'Smith' OR TRUE;--';+` and that way will return all entries from the users table
* `+Smith; DROP TABLE USERS; TRUNCATE AUDIT_LOG; --+` + * `+Smith; DROP TABLE USERS; TRUNCATE AUDIT_LOG; --+` +
chains multiple SQL-Commands and deletes the USERS table as well as entries from the audit_log chains multiple SQL-Commands and deletes the USERS table as well as entries from the audit_log