> fuzzing, guessing... almost the same =) :-]

> Original: select * from users where (a = $id);
> Injected 1: select * from users where (a = 1 and 1 = 1); ---> syntax ok
> Injected 2: select * from users where (a = 1 and 1 = 1--); ---> invalid syntax
>
> > yes and no 'cause it depends on the database's SQL engine
>
> are you sure that something like:
>
> is valid in *any* dbms?

Hmm, either of us misunderstood something. I meant that it depends on the
dbms which character/string to use for comments, MSSQL, Oracle -- MSSQL,
MySQL /* */ etc.

> So..., adding a comment isn't always the best. Could you please think
> about an example where 1 AND 1=1 wouldn't work, and 1 AND 1=1-- would?
>
> > ... where id = <value> and id > 42 ...
>
> Injecting false:
> ... where id = 1 and 1 = 2 and id > 42: Zero results would be returned
>
> Injecting true:
> ... where id = 1 or 1 = 1 and id > 42: All rows from the table would
> be returned.
>
> I don't understand why you say that "1 AND 1=1" wouldn't work, and "1
> AND 1=1--" would.

if you inject a comment

... where id = 1 or 1=1 -- and id > 42

the result is independent of anything that follows.
That was what my example was about ("and id>42" is just an example).

{-: Achim
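The point of the exchange above, as an added example that is not from the thread or from w3af itself: the same true/false test values from the messages are run through the string-concatenated query with the trailing `and id > 42` clause, once without and once with the trailing `--` comment, beside a parameterised version of the query. The table contents and the `users(id, name)` layout are constructed for this example.

```python
import sqlite3

# Constructed sample data: ids on both sides of the "id > 42" clause from
# the thread, so that clause actually filters something.
SAMPLE_IDS = [1, 2, 50, 51]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("create table users (id integer primary key, name text)")
    con.executemany("insert into users values (?, ?)",
                    [(i, f"user{i}") for i in SAMPLE_IDS])
    return con


def vulnerable_query(con, user_value):
    # The pattern under discussion: the value is pasted into the statement
    # text and an application-supplied clause follows it.
    sql = f"select id from users where id = {user_value} and id > 42"
    return [row[0] for row in con.execute(sql)]


def safe_query(con, user_value):
    # Hardened form: the value is bound as a parameter, so it can never
    # change the statement's structure, comment or not.
    sql = "select id from users where id = ? and id > 42"
    return [row[0] for row in con.execute(sql, (user_value,))]


def compare_payloads():
    # Returns the id list each test value produces against the vulnerable
    # query. Without the comment the "true" value is still subject to the
    # trailing clause (2 is filtered out); with the comment the trailing
    # clause is gone and every row comes back.
    con = make_db()
    cases = {
        "baseline": "50",
        "false, no comment": "1 and 1 = 2",
        "true, no comment": "1 or 1 = 1",
        "true, comment": "1 or 1 = 1 --",
    }
    return {label: vulnerable_query(con, value) for label, value in cases.items()}


if __name__ == "__main__":
    for label, ids in compare_payloads().items():
        print(f"{label:>18}: {ids}")
    print(f"safe query, injected value: {safe_query(make_db(), '1 or 1 = 1 --')}")
```

The `--` comment is what makes the result independent of whatever the application appends; the bound parameter is what removes the problem entirely, since the input is compared as a value rather than parsed as SQL.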