> oh, ok. Now I get your idea.
> So... one more point to "1 AND 1=1" instead of "1 AND 1=1;--", mainly
> because the first one works on every database, and the second one may
> or may not work on the database.

Keep in mind that the ; terminates the query in some SQL (MySQL >4.1, Oracle, ...) while in others it just runs into a syntax error.

> What I was trying to find is a SELECT statement that returns the same
> values for:
>
> - Original: ?id=1
> - Fuzzed true: ?id=1 OR 1=1
>
> If we find that case, then we can say that *maybe* the commented
> approach is better.

select*from table where id>42 and id<100

If you can inject the value for 42 here, then you get different results for

42 and 1=1
42 and 1=1 ;--

(tested with MySQL).

Achim

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop