What is the most common SQL Injection Attack code that could be put into a vulnerable website textbox that means "OR True"?
The most common SQL Injection Attack code that can be put into a website could be:
' OR 1=1#
or
' OR 1=1-- (note: there is a space after --)
Explanation:
To understand the above code, let's consider one simple example where you have a search box, and in it you have entered the number for which you want all the entries.
2
In this case, an SQL query will run in the backend to fetch the data; it could be:
SELECT * FROM Items WHERE id = '2'
In the second scenario, we're trying to be quite malicious and have entered SQL Injection Attack code:
' OR 1=1#
In this case, the backend query becomes:
SELECT * FROM Items WHERE id = '' OR 1=1#'
Here, the first single quote balances the query and pairs with the single quote already in the statement.
Then, OR adds a Boolean condition where, if either side of the OR is true, the entire statement becomes true for all.
1=1 is a statement that is true in any case, and thanks to OR, it makes the entire statement true.
At last, # is used to comment out the rest of the SQL statement, and hence the single quote at the end of the statement gets commented out.
In newer versions of SQL, (-- ) might need to be used instead of #.
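The vulnerable string-built query the answer describes, side by side with the parameterized form that neutralizes the same input, as an added Python example that is not part of the original answer. It assumes an in-memory SQLite table named Items with constructed rows, and uses the answer's -- variant of the payload because SQLite does not treat # as a comment marker.

```python
import sqlite3

# Constructed sample rows standing in for the answer's "Items" table.
ITEMS = [(1, "apple"), (2, "banana"), (3, "cherry")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO Items VALUES (?, ?)", ITEMS)
    return conn


def search_concatenated(conn, user_input):
    # Vulnerable: the search-box text is pasted straight into the statement,
    # producing exactly SELECT * FROM Items WHERE id = '<input>' as in the answer.
    sql = f"SELECT * FROM Items WHERE id = '{user_input}'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn, user_input):
    # Hardened: the value is sent as a bound parameter, so quotes and comment
    # markers inside it are compared as data and never change the statement.
    sql = "SELECT * FROM Items WHERE id = ?"
    return conn.execute(sql, (user_input,)).fetchall()


def demo():
    conn = make_db()
    # The answer's second payload variant (trailing space after -- is deliberate).
    payload = "' OR 1=1-- "
    return {
        "normal_concat": search_concatenated(conn, "2"),
        "injected_concat": search_concatenated(conn, payload),  # every row leaks
        "normal_param": search_parameterized(conn, "2"),
        "injected_param": search_parameterized(conn, payload),  # no rows match
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With the concatenated query the payload turns the WHERE clause into '' OR 1=1 and comments out the trailing quote, so all three rows come back; the parameterized query looks for a row whose id literally equals the payload string and finds none.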