!! oh, ok. Now I get your idea.
!! So... one more point to "1 AND 1=1" instead of "1 AND 1=1;--" , mainly
!! because the first one works on every database, and the second one may
!! or may not work on the database.
Keep in mind that the ; terminates the query in some SQL (MySQL >4.1,
Oracle, ...) while in others it just runs into a syntax error.
!! What I was trying to find is a SELECT statement that returns the same
!! values for:
!!
!! - Original: ?id=1
!! - Fuzzed true: ?id=1 OR 1=1
!!
!! If we find that case, then we can say that *maybe* the commented
!! approach is better.
select*from table where id>42 and id<100
if you can inject the value for 42 here, then you get different results for
42 and 1=1
42 and 1=1 ;--
(tested with MySQL).
Achim
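The two results Achim describes, reproduced as an added example that is not part of the thread: a constructed in-memory SQLite table stands in for the real database, the injected value lands where the 42 is, and the scanner-style check simply asks whether the "true" variant returns the same rows as the original request. A bound-parameter version of the same query is included to show the mitigation.

```python
import sqlite3

# Constructed sample table (not from the thread): ids 1..200.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("create table t(id integer primary key, name text)")
    con.executemany("insert into t values (?, ?)",
                    [(i, f"row{i}") for i in range(1, 201)])
    return con

def run_vulnerable(con, value):
    """Achim's query shape with string concatenation: the request
    parameter replaces the literal 42 and is parsed as SQL."""
    sql = f"select * from t where id>{value} and id<100"
    return con.execute(sql).fetchall()

def run_parameterized(con, value):
    """Same query with a bound parameter: the value is data, never SQL,
    so no payload can detach the 'and id<100' condition."""
    return con.execute("select * from t where id>? and id<100",
                       (value,)).fetchall()

def same_as_original(con, runner, original, injected):
    """The detection check under discussion: does the 'true' variant
    return exactly the rows the original request returned?"""
    return runner(con, original) == runner(con, injected)

if __name__ == "__main__":
    con = make_db()
    for payload in ("42 and 1=1", "42 and 1=1 ;--"):
        rows = len(run_vulnerable(con, payload))
        same = same_as_original(con, run_vulnerable, "42", payload)
        print(f"{payload!r}: {rows} rows, same_as_original={same}")
        # The ;-- form ends the statement early, dropping 'and id<100',
        # so it returns ids 43..200 instead of 43..99.
    for payload in ("42 and 1=1", "42 and 1=1 ;--"):
        print(f"parameterized {payload!r}: "
              f"{len(run_parameterized(con, payload))} rows")
```

With the concatenated query only the plain `and 1=1` variant matches the original row set; with the bound parameter neither payload matches anything, because the whole string is compared as a value.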
_______________________________________________
W3af-develop mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-develop