15 lines
608 B
Plaintext
15 lines
608 B
Plaintext
The following code is an example of an overly simple data retrieval function.
|
|
It is vulnerable to SQL injection because user-controlled data is inserted
|
|
directly into a query string: The application assumes that incoming data
|
|
always has a specific range of characters and ignores that some characters may
|
|
change the query logic to a malicious one.
|
|
|
|
In this particular case, the query can be exploited with the following string:
|
|
|
|
----
|
|
' OR '1'='1
|
|
----
|
|
|
|
Using the UNION clause, an attacker would also be able to perform queries against
|
|
other tables and combine the returned data within the same query result.
|