NOTE

In the example shown, the double hyphen in the attacker’s input is a meaningful expression in SQL that tells the query interpreter that the remainder of the line is a comment and should be ignored. This trick is extremely useful in some SQL injection attacks, because it enables you to ignore the remainder of the query created by the application developer. In the example, the application is encapsulating the user-supplied string in single quotation marks. Because the attacker has terminated the string he controls and injected some additional SQL, he needs to handle the trailing quotation mark, to avoid a syntax error occurring as in the O’Reilly example. He achieves this by adding a double hyphen, causing the remainder of the query to be treated as a comment. In MySQL, you will need to include a space after the double hyphen, or use a
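The following is an added example, not code from the original text, showing the two behaviours the note describes side by side: a query built by encapsulating the user-supplied string in single quotation marks, which breaks on an apostrophe (the O’Reilly case) and whose trailing quotation mark is swallowed when the input ends in a double hyphen, against the same lookup done with a bound parameter, which treats both characters as plain data. The `books` table, its rows and the function names are constructed for the example. It uses SQLite, which accepts `--` without the trailing space that MySQL requires.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample table (not from the original text)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (title TEXT, publisher TEXT)")
    conn.executemany(
        "INSERT INTO books VALUES (?, ?)",
        [("Web Hacking", "Wiley"), ("Linux Basics", "O'Reilly")],
    )
    return conn


def search_concat(conn, publisher):
    """Vulnerable pattern: the user-supplied string is dropped between
    single quotation marks by string concatenation.

    Returns (rows, error). An apostrophe in the input terminates the
    string early and the query fails with a syntax error; an input that
    ends in '-- turns the developer's trailing quotation mark into a
    comment, so the altered query runs without error.
    """
    query = "SELECT title FROM books WHERE publisher = '" + publisher + "'"
    try:
        return [row[0] for row in conn.execute(query)], None
    except sqlite3.OperationalError as exc:
        return None, str(exc)


def search_param(conn, publisher):
    """Safe pattern: the value travels as a bound parameter, so quotation
    marks and double hyphens inside it are data, never SQL syntax."""
    query = "SELECT title FROM books WHERE publisher = ?"
    return [row[0] for row in conn.execute(query, (publisher,))]


if __name__ == "__main__":
    db = make_db()
    for value in ("Wiley", "O'Reilly", "Wiley'--"):
        print(repr(value), "concat:", search_concat(db, value),
              "param:", search_param(db, value))
```

Run as a script it prints one line per input: the concatenated query errors on `O'Reilly`, returns the Wiley row for `Wiley'--` even though that is not a publisher name (the comment removed the closing quotation mark), and the parameterised query answers every input by literal match, returning no rows for the `--` input.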