16 lines
626 B
Plaintext
16 lines
626 B
Plaintext
The following code is an example of an overly simple authentication function.
|
|
It is vulnerable to SQL injection because user-controlled data is inserted
|
|
directly into a query string: The application assumes that incoming data
|
|
always has a specific range of characters, and ignores that some characters may
|
|
change the query logic to a malicious one.
|
|
|
|
In this particular case, the query can be exploited with the following string:
|
|
|
|
----
|
|
foo' OR 1=1 --
|
|
----
|
|
|
|
By adapting and inserting this template string into one of the fields (`user` or `pass`), an
|
|
attacker would be able to log in as any user within the scoped user table.
|
|
|