SQL Injection

  • put some [[SQL]] through user inputs to milk out that juicy info!!!

  • used for [[Blind SQL Injection]]

OR Injection

  • if the website does not validate its inputs, then instead of entering a proper username or password you can enter some SQL

  • pretend this query is run by the database (<user> and <pass> are replaced by the user input)

    • SELECT * FROM users WHERE username = '<user>' AND password = '<pass>'

  • if we enter 'OR 1=1 -- as the username, the condition becomes <something> OR true, which is always true, so the query returns every row in the table

  • the ' ends the string meant for the username and the -- makes the rest of the command a comment
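
The query above, built the vulnerable way and then with bound parameters (the fix). This is an added example, not part of the original notes; the sqlite3 in-memory table, the sample accounts and the function names are made up for the demo.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "pw-alice"), ("bob", "pw-bob"), ("carol", "pw-carol")],
    )
    return conn


def build_vulnerable_query(user, pw):
    # Same shape as the query in the notes: input is pasted into the SQL text,
    # so a quote in the input changes the structure of the statement.
    return ("SELECT * FROM users WHERE username = '" + user +
            "' AND password = '" + pw + "'")


def login_vulnerable(conn, user, pw):
    return conn.execute(build_vulnerable_query(user, pw)).fetchall()


def login_safe(conn, user, pw):
    # Placeholders send the input as data; it is never parsed as SQL,
    # so the quote and the -- are just characters in a username.
    return conn.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (user, pw),
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    payload = "'OR 1=1 --"  # the input from the notes
    print(build_vulnerable_query(payload, "x"))
    print("vulnerable:", login_vulnerable(conn, payload, "x"))
    print("safe:", login_safe(conn, payload, "x"))
    print("safe, real login:", login_safe(conn, "alice", "pw-alice"))
```

The plaintext password column only mirrors the query in the notes; the parameterized version is the part to copy.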
