Fix SQL Injection

Àngel Ollé Blázquez 2021-03-27 19:49:53 +01:00 committed by Nanne Baars
parent b16e60f691
commit e114360a5f


@ -2,9 +2,9 @@
SQL injection can be used for far more than reading the data of a single of user. The following are just a few examples of data a hacker could input to a form field (or anywhere user input is accepted) in an attempt to exploit a SQL injection vulnerability:
* `+Smith OR '1' = '1+` +
* `+Smith' OR '1' = '1+` +
results in `+SELECT * FROM users WHERE name = 'Smith' OR TRUE;+` which will return all entries from the users table
* `+Smith OR 1 = 1; --+` +
* `+Smith' OR 1 = 1; --+` +
results in `+SELECT * FROM users WHERE name = 'Smith' OR TRUE;--';+` which, like the first example, will also return all entries from the users table
* `+Smith; DROP TABLE users; TRUNCATE audit_log; --+` +
* `+Smith'; DROP TABLE users; TRUNCATE audit_log; --+` +
chains multiple SQL-Commands in order to both DROP the users table and delete all entries from the audit_log table
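Review bot: The third bullet (`Smith'; DROP TABLE users; TRUNCATE audit_log; --`) is the only one without a `results in` line, so the reader never sees how the closing quote that this change adds terminates the `'Smith'` literal before the `;` in the stacked-query case; for consistency with the first two bullets, add a line such as `results in `+SELECT * FROM users WHERE name = 'Smith'; DROP TABLE users; TRUNCATE audit_log; --';+``. On the same point, the two existing `results in` lines show `OR TRUE` rather than the text that is actually substituted (`OR '1' = '1'` and `OR 1 = 1`); since the purpose of this change is to make the input match the resulting query exactly, consider showing the literal query and then noting that the condition is always true.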