Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.databases.ms-sqlserver > #1867

Re: SQl -injection

Path csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!newsfeed.fsmpi.rwth-aachen.de!newsfeed.straub-nv.de!eternal-september.org!feeder.eternal-september.org!mx02.eternal-september.org!.POSTED!not-for-mail
From "Tony Johansson" <johansson.andersson@telia.com>
Newsgroups comp.databases.ms-sqlserver
Subject Re: SQl -injection
Date Thu, 29 Jan 2015 11:03:22 +0100
Organization A noiseless patient Spider
Lines 39
Message-ID <mad0gl$bf8$1@dont-email.me> (permalink)
References <maai3j$iu8$1@dont-email.me> <maaotr$e36$1@dont-email.me>
Mime-Version 1.0
Content-Type text/plain; format=flowed; charset="Windows-1252"; reply-type=response
Content-Transfer-Encoding 7bit
Injection-Date Thu, 29 Jan 2015 10:03:01 +0000 (UTC)
Injection-Info mx02.eternal-september.org; posting-host="8fdc2b5af81c338deb7045fc6c39b0e2"; logging-data="11752"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18l/0MMBEPd6kJPua7Pf+8G"
X-MimeOLE Produced By Microsoft MimeOLE V6.0.6002.18463
In-Reply-To <maaotr$e36$1@dont-email.me>
X-Newsreader Microsoft Windows Mail 6.0.6002.18197
Cancel-Lock sha1:bQ4VqYbPFsTKoJJfrEkAnnX/4o4=
X-Priority 3
X-MSMail-Priority Normal
Xref csiph.com comp.databases.ms-sqlserver:1867

Show key headers only | View raw

Yes I can understant why it fetches alla the rows now.
Many thanks.

//Tony

"Lennart Jonsson" <erik.lennart.jonsson@gmail.com> skrev i meddelandet 
news:maaotr$e36$1@dont-email.me...
> On 2015-01-28 12:45, Tony Johansson wrote:
>> In the form there is a text field for name
>>
>> This query is meant to be used like his
>> select Namn, Adress, Telefonnummer
>> from Abonnent
>> where Namn = 'Olle Karlsson'      //This name is fetched from the text
>> field name in the form
>> and hemligtNummer = false;
>>
>> If now the user enter some strange character in the text field in the
>> form like this
>> select Namn, Adress, Telefonnummer
>> from Abonnent
>> where Namn = 'Olle Karlsson' or 'a'='a' or 'a'='a'
>> and hemligtNummer = false;
>>
>> I don't understand how the second query can result that all rows will be
>> fetched
>>
>
> The where clause evaluates to
>
>     where Namn = 'Olle Karlsson'
>        or 'a'='a'
>        or ('a'='a' and hemligtNummer = false);
>
>
> /Lennart
>
>

Back to comp.databases.ms-sqlserver | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

SQl -injection "Tony Johansson" <johansson.andersson@telia.com> - 2015-01-28 12:45 +0100
  Re: SQl -injection Lennart Jonsson <erik.lennart.jonsson@gmail.com> - 2015-01-28 14:41 +0100
    Re: SQl -injection "Tony Johansson" <johansson.andersson@telia.com> - 2015-01-29 11:03 +0100
  Re: SQl -injection Erland Sommarskog <esquel@sommarskog.se> - 2015-01-28 13:45 +0000

csiph-web