Darksat IT Security Forums
January 12, 2026, 01:40:09 am
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Darksat IT Security Forum
From Firewall Support, AntiVirus Questions, Spyware problems, Linux and Windows Security, Black Hat SEO right down to Website Design and Multimedia
 
  Home Help Search Gallery Links Staff List Login Register  

SQL Injection

Pages: [1]
« previous next »
  Print  
Author Topic: SQL Injection  (Read 2163 times)
neutron2k
Elite-Member
Master
*****
Posts: 469



View Profile WWW
« on: September 17, 2006, 02:15:38 pm »
a good way of testing web site login forms for their prevention of sql injection is to enter the following as the user name and password.

hi' or 1 = 1

this would change any select query to the following when details are submitted:


select * from sql where loginid='hi' or 1=1

so in essence it will always return a result and you can get access to the site.

thats if the site has poor security and doesn't cater for sql injection.
Report Spam   Logged

Pages: [1]
  Print  
« previous next »
 
Jump to:  

Powered by EzPortal
eXTReMe Tracker
Security Forum
Bookmark this site! | Upgrade This Forum
SMF For Free - Create your own Forum


Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy
Page created in 0.049 seconds with 13 queries.