04-29-2011, 10:14 PM
Dragoon
Quote:
Originally Posted by Rick
I thought there was an update a while ago that made it so you can't do multiple commands in a single query. So the whole

[COMMAND]; [COMMAND] doesn't work --
if the SQL query is SELECT * FROM students WHERE i = (url input), you couldn't write 1'; DROP TABLE students;--

If I'm wrong and you CAN run multiple commands, then I must've been doing it wrong and lost profit on tons of systems.


No idea, I've only got the vaguest understanding of PHP/SQL security right now. That description was from my own memory rather than a more reliable source, so it's likely not entirely accurate or up to date.

Quote:
Originally Posted by Biddykins
And how does SQL injection relate to profit at all? I'm seriously lost here, haha.


Well, like Rick said, you can sometimes get the site to dump out all sorts of information that might be worth something in the seedier parts of the interwebs, like credit card info or mailing/email addresses for spam.
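As an added example (not part of any post in this thread): the stacked-query input Rick quotes, run against a constructed in-memory SQLite table through Python's sqlite3 module, which stands in here for the PHP/SQL setup being discussed. It compares a string-built query sent through a single-statement call and through a multi-statement call with the same input passed as a bound parameter; the table contents and function names are assumptions.

```python
import sqlite3

PAYLOAD = "1'; DROP TABLE students;--"  # the input quoted in the thread

def fresh_db():
    """Constructed sample table standing in for the thread's `students`."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (i TEXT, name TEXT)")
    db.executemany("INSERT INTO students VALUES (?, ?)",
                   [("1", "alice"), ("2", "bob")])
    db.commit()
    return db

def table_exists(db):
    row = db.execute("SELECT count(*) FROM sqlite_master "
                     "WHERE type='table' AND name='students'").fetchone()
    return row[0] == 1

def concat_single_statement(value):
    """String-built query sent through execute(), which accepts one statement."""
    db = fresh_db()
    sql = "SELECT * FROM students WHERE i = '" + value + "'"
    try:
        db.execute(sql).fetchall()
        outcome = "ran"
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        # Raised when the text holds more than one statement
        # (Warning on older Python versions, ProgrammingError on newer ones).
        outcome = "rejected"
    return outcome, table_exists(db)

def concat_multi_statement(value):
    """Same string-built query sent through executescript(), which runs every statement."""
    db = fresh_db()
    db.executescript("SELECT * FROM students WHERE i = '" + value + "'")
    return table_exists(db)

def parameterized(value):
    """Input bound as a parameter: compared as a value, never parsed as SQL."""
    db = fresh_db()
    rows = db.execute("SELECT * FROM students WHERE i = ?", (value,)).fetchall()
    return rows, table_exists(db)
```

The single-statement call only blocks the stacked form; the string-built query is still assembled from user input, and the bound parameter is the variant where the input cannot change the statement at all.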