Submit a single quotation mark as the item of data you are targeting. Observe whether an error occurs, or whether the result differs from the original in any other way. If a detailed database error message is received, consult the “SQL Syntax and Error Reference” section of this chapter to understand its meaning.
■ If an error or other divergent behavior was observed, submit two single quotation marks together. Databases use two single quotation marks as an escape sequence to represent a literal single quote, so the sequence is interpreted as data within the quoted string rather than the closing string terminator. If this input causes the error or anomalous behavior to disappear, then the application is probably vulnerable to SQL injection.
■ As a further verification that a bug is present, you can use SQL concate-
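As an added example (not from the book), the following Python script with an in-memory SQLite database shows why the first two steps above behave as described: a query built by string concatenation breaks on a lone quote and recovers when the quote is doubled, while a parameterized query (the fix) treats both inputs as plain data. The table, rows and function names are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed demo database: a small product table, one name containing a quote."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("widget", 10), ("gadget", 20), ("o'ring", 5)],
    )
    return conn


def search_concatenated(conn, term):
    """Vulnerable pattern: user input is spliced into the SQL string literal."""
    sql = "SELECT name FROM products WHERE name = '" + term + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        # A lone quote leaves the string literal unterminated, so the database
        # rejects the statement. This is the error the first step looks for.
        return "ERROR: " + str(exc)


def search_parameterized(conn, term):
    """Hardened form: the value is bound as a parameter and never parsed as SQL."""
    rows = conn.execute("SELECT name FROM products WHERE name = ?", (term,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    for payload in ["'", "''", "o'ring", "o''ring"]:
        print(repr(payload), "concatenated ->", search_concatenated(db, payload))
        print(repr(payload), "parameterized ->", search_parameterized(db, payload))
```

With the concatenated query, `'` produces a database error and `''` makes it vanish (the doubled quote is parsed as an escaped literal quote), which is exactly the divergence the two steps above rely on; the parameterized query returns a normal empty or matching result for every input.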