04-29-2011, 01:46 PM
Quote:
Originally Posted by Dragoon
Basically, that error seems to indicate that it's just plugging the value from the URL directly into an SQL query without sanitizing it (removing special characters like the single-quote, ' ). If one were so inclined, they could take advantage of this by injecting their own code into the query, by changing that string to something like
Robert'); DROP TABLE students;--
And because their shitty website doesn't bother to make sure that string is safe before plugging it in, the parser will execute the command to drop the entire table named 'students' if there is one. Could do all sorts of fun things with this.
I thought there was an update a while ago that made it so you can't do multiple commands in a single query. So the whole [COMMAND]; [COMMAND] doesn't work -- if the SQL query is SELECT * FROM students WHERE i = (url input), you couldn't write 1'; DROP TABLE students;--
If I'm wrong and you CAN run multiple commands, then I must've been doing it wrong and lost profit on tons of systems.
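Added example, not part of the thread: whether the second statement in the quoted string runs depends on which database API the application calls, and a bound parameter keeps the string as data in either case. This uses Python's sqlite3 module with an in-memory database; the table layout and function names are constructed for illustration.

```python
import sqlite3

# String quoted in the thread; everything else here is constructed sample data.
PAYLOAD = "Robert'); DROP TABLE students;--"

def fresh_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (name TEXT)")
    db.execute("INSERT INTO students (name) VALUES ('Alice')")
    return db

def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master "
        "WHERE type='table' AND name='students'"
    ).fetchone()
    return row[0] == 1

def concat_single_statement(value):
    """String concatenation, sent through execute(), which accepts one statement."""
    db = fresh_db()
    sql = "INSERT INTO students (name) VALUES ('" + value + "')"
    try:
        db.execute(sql)
        rejected = False
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        # sqlite3 refuses text that contains more than one statement
        rejected = True
    return rejected, table_exists(db)

def concat_multi_statement(value):
    """Same concatenation, sent through executescript(), which runs every statement."""
    db = fresh_db()
    db.executescript("INSERT INTO students (name) VALUES ('" + value + "')")
    return table_exists(db)

def parameterized(value):
    """Bound parameter: the value is never parsed as SQL."""
    db = fresh_db()
    db.execute("INSERT INTO students (name) VALUES (?)", (value,))
    names = [r[0] for r in db.execute("SELECT name FROM students ORDER BY rowid")]
    return names, table_exists(db)

if __name__ == "__main__":
    print("execute() + concat      :", concat_single_statement(PAYLOAD))
    print("executescript() + concat:", concat_multi_statement(PAYLOAD))
    print("execute() + parameter   :", parameterized(PAYLOAD))
```

The single-statement restriction belongs to the call being used, not to SQL itself, so it is not a substitute for binding parameters.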