WHAT IS SQL INJECTION?

Amit Singh

Total Post:565

Points:2825
Posted by  Amit Singh
DB2 
DB2
 1136  View(s)
Ratings:
Rate this:
  1. Amit Singh

    Post:565

    Points:2825
    What is SQL Injection?

    The Test Data Inputs are
    1) ' (Single quote)
    2) '1'='1
    3) we can pass the same i/p's as query in the form of SELECT * FROM users WHERE name = '' OR '1'='1';
    (If the text field accepts that much characters)
    4) statement = "SELECT * FROM users WHERE name = '" + userName + "';"

    Before trying to pass those inputs as a security tester try to catch the Table Name and Attributes(fields) if so you can play with refined Data attributes and find out more Security issues by SQL Injection.

    First try to catch in the order Database Name->Table Name->Attributes->Data Types

Answer

NEWSLETTER

Enter your email address here always to be updated. We promise not to spam!