The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

TIP When attempting to inject into an INSERT statement, you may not know in advance how many parameters are required, or what their types are. In the preceding situation, you can keep adding additional fields to the VALUES clause until the desired user account is actually created. For example, when injecting into the username field, you could submit the following:

foo')--
foo', 1)--
foo', 1, 1)--
foo', 1, 1, 1)--

Because most databases will implicitly cast an integer to a string, an integer value can be used at each position — in this case resulting in an account with a username of foo and a password of 1, regardless of which order the other fields are in.

If you find that the value 1 is still rejected, you can try the value 2000, which many databases will also implicitly cast to date-based data types.

UPDATE Statements

UPDATE statements are used to modify one or more existing rows of data within a table. They are often used in functions where a user changes the value of data that already exists — for example, updating her contact information, changing her password, or changing the quantity on a line of an order.

A typical UPDATE statement works in a similar way to an INSERT statement, except that it usually contains a WHERE clause to tell the database which rows of the table to update. For example, when a user changes her password, the application might perform the following query:

UPDATE users SET password='newsecret' WHERE user = 'marcus' and password = 'secret'

This query in effect verifies that the user's existing password is correct and, if so, updates it with the new value. If the function is vulnerable to SQL

Chapter 9 Injecting Code 249

injection, then an attacker can bypass the existing password check and update the password of the admin user by entering the following username:

admin'--
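The password-change query above, built first the way the vulnerable application does and then with bound parameters, as an added example that is not from the book; it assumes an in-memory SQLite database and a constructed users table.

```python
import sqlite3

# Constructed sample data standing in for the application's users table
# (passwords held in the clear only to mirror the book's example query).
SAMPLE_USERS = [("marcus", "secret"), ("admin", "adminpw")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def change_password_vulnerable(conn, user, old_pw, new_pw):
    """Builds the UPDATE by concatenating untrusted input, as the book's
    vulnerable application does. Returns the number of rows changed."""
    sql = ("UPDATE users SET password='%s' WHERE user = '%s' and password = '%s'"
           % (new_pw, user, old_pw))
    # A username of admin'-- closes the string and comments out the
    # password check, so the WHERE clause matches admin unconditionally.
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def change_password_safe(conn, user, old_pw, new_pw):
    """Same statement with bound parameters: the quote and -- in the
    username are data, not SQL, so the password check stays in force."""
    cur = conn.execute(
        "UPDATE users SET password=? WHERE user = ? and password = ?",
        (new_pw, user, old_pw))
    conn.commit()
    return cur.rowcount


def password_of(conn, user):
    row = conn.execute("SELECT password FROM users WHERE user = ?",
                       (user,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    payload = "admin'--"
    db = make_db()
    print("concatenated:", change_password_vulnerable(db, payload, "wrong", "newsecret"),
          "row(s) updated; admin password now", password_of(db, "admin"))
    db = make_db()
    print("parameterized:", change_password_safe(db, payload, "wrong", "newsecret"),
          "row(s) updated; admin password still", password_of(db, "admin"))
```

The rowcount returned by each function is the detection-relevant signal: the concatenated version reports a changed row for the admin account even though the supplied old password is wrong, while the parameterized version reports zero.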

NOTE Probing for SQL injection vulnerabilities in a remote application is always potentially dangerous, because you have no way of knowing in advance quite what action the application will perform using your crafted input. In