nator characters to construct a string that is equivalent to some benign
input. If the application handles your crafted input in the same way as it
does the corresponding benign input, then it is likely to be vulnerable.
Each type of database uses different methods for string concatenation.
The following examples can be injected to construct input that is equivalent
to FOO in a vulnerable application:

Oracle:  '||'FOO
MS-SQL:  '+'FOO
MySQL:   ' 'FOO   [note there is a space between the two quotes]
TIP

One way of confirming that the application is interacting with a back-end
database is to submit the SQL wildcard character % in a given parameter. For
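The concatenation probe and the wildcard tip above, worked through as an added example (this is editor-supplied code, not from the book). It uses Python's built-in sqlite3 module as a stand-in for the back-end database: SQLite concatenates strings with || like Oracle, so the Oracle-style probe should behave exactly like the benign value, while the MS-SQL and MySQL forms, which the SQLite dialect does not understand as concatenation, should not. The items table, its rows and the vulnerable query shapes are constructed for the demonstration; the "raw quote" probe (a lone ') is the usual first check and should produce a database error.

```python
import sqlite3

# Constructed sample data standing in for the application's back-end table.
SAMPLE_ROWS = [("FOO", 10), ("FOOBAR", 20), ("BAZ", 30)]


def concat_probes(benign: str) -> dict:
    """Build the three concatenation probes from the text for a benign value.

    Each probe is meant to evaluate to `benign` once it is spliced into a
    single-quoted literal in the matching dialect, e.g. 'FOO' becomes
    ''||'FOO' for Oracle.
    """
    return {
        "oracle": f"'||'{benign}",  # '' || 'FOO'
        "mssql": f"'+'{benign}",    # '' + 'FOO'
        "mysql": f"' '{benign}",    # '' 'FOO'  (implicit concatenation)
    }


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database playing the role of the vulnerable back end."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT, price INTEGER)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, user_input: str) -> list:
    """Deliberately vulnerable: user input is spliced straight into the query."""
    sql = f"SELECT name, price FROM items WHERE name = '{user_input}'"
    return conn.execute(sql).fetchall()


def vulnerable_search(conn: sqlite3.Connection, user_input: str) -> list:
    """Deliberately vulnerable LIKE-based search, for the wildcard tip."""
    sql = f"SELECT name FROM items WHERE name LIKE '{user_input}'"
    return [row[0] for row in conn.execute(sql).fetchall()]


def classify(conn: sqlite3.Connection, benign: str, probe: str) -> str:
    """Compare the application's behaviour on a probe with the benign baseline.

    'same'      -> probe was handled exactly like the benign input (dialect matched)
    'different' -> query ran but returned something else
    'error'     -> the database rejected the query
    """
    baseline = vulnerable_lookup(conn, benign)
    try:
        result = vulnerable_lookup(conn, probe)
    except sqlite3.Error:
        return "error"
    return "same" if result == baseline else "different"


def run_probes(benign: str = "FOO") -> dict:
    """Send each concatenation probe plus a lone quote and classify the outcomes."""
    conn = make_db()
    outcomes = {
        name: classify(conn, benign, probe)
        for name, probe in concat_probes(benign).items()
    }
    outcomes["raw_quote"] = classify(conn, benign, "'")  # unbalanced quote
    return outcomes


def wildcard_counts(benign: str = "FOO") -> tuple:
    """Rows returned for the % wildcard versus a benign value in a LIKE clause."""
    conn = make_db()
    return len(vulnerable_search(conn, "%")), len(vulnerable_search(conn, benign))


if __name__ == "__main__":
    for dialect, outcome in run_probes().items():
        print(f"{dialect:>10}: {outcome}")
    print("wildcard vs benign row counts:", wildcard_counts())
```

Against this SQLite back end the oracle probe comes back "same", the other two do not, and the lone quote errors, which is the signal the text describes: a dialect-specific concatenation that is handled identically to the benign value points at a vulnerable query. When sending the wildcard probe over HTTP, remember that a literal % in a URL or form body must be encoded as %25, or the server will try to decode it as a percent-escape.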