Many web applications connect to a database that stores the information the application needs, and developers frequently use SQL (Structured Query Language) to access it. SQL injection is a technique that lets an attacker manipulate the SQL queries the application's developers wrote, usually because user-supplied data is not sufficiently sanitized before it is placed into the query.
In the request, Eve inputs 1000' OR '1'='1. The quote character in her input closes the string the developer intended, and the OR '1'='1' clause that follows always evaluates to true, so the SQL query returns all rows. The database treats the condition as 1000 OR 1=1, which ensures that results are returned. This is one example of how SQL syntax can be exploited via injection.
<?php
$username = getUserName();   // user-controlled value taken from the request
$pw = getPassword();         // user-controlled value taken from the request

// Vulnerable: both values are concatenated straight into the SQL string, so a
// quote character in the input changes the structure of the query itself.
$user = mysql_query("SELECT * FROM userTable WHERE username = '$username' AND password = '$pw'");

// mysql_query() returns a result resource; check that at least one row matched.
if ($user && mysql_num_rows($user) > 0) {
    $loggedIn = True;
} else {
    $loggedIn = False;
}
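The following is an added example, not code from the original page: it rebuilds the login check above in Python against an in-memory SQLite table (the table name userTable matches the page; the rows, the helper names and the use of Python instead of PHP are assumptions), runs Eve's input through the concatenated query to show why rows come back, and places the same lookup in a parameterized query to show that the input is then compared as a plain string and matches nothing. It also goes slightly beyond the page by showing how SQL operator precedence (AND binds tighter than OR) decides whether the injected clause returns one row or every row.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the page).
SAMPLE_USERS = [("1000", "s3cret"), ("alice", "hunter2")]

# The payload quoted in the text.
EVE_INPUT = "1000' OR '1'='1"


def setup_db():
    """Create an in-memory userTable with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userTable (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO userTable VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Mirror of the PHP snippet: values are interpolated into the SQL text.

    A quote in either value ends the intended string literal, and whatever
    follows is parsed as SQL rather than compared as data.
    """
    sql = (
        "SELECT * FROM userTable WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Hardened form: the driver sends the values separately from the SQL.

    The query structure is fixed at '?' placeholders, so a quote in the input
    is just a character inside a string, never a change to the WHERE clause.
    """
    sql = "SELECT * FROM userTable WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo():
    """Run both versions and return the row counts for comparison."""
    conn = setup_db()
    return {
        # WHERE username = 'eve' AND password = '1000' OR '1'='1'
        # -> (false AND false) OR true -> every row is returned.
        "vuln_payload_in_password": len(login_vulnerable(conn, "eve", EVE_INPUT)),
        # WHERE username = '1000' OR '1'='1' AND password = 'wrong'
        # -> true OR (true AND false) -> only user 1000, with no password check.
        "vuln_payload_in_username": len(login_vulnerable(conn, EVE_INPUT, "wrong")),
        # Parameterized: the payload is compared literally and matches nothing.
        "safe_payload": len(login_safe(conn, "eve", EVE_INPUT)),
        # Parameterized: a genuine login still works.
        "safe_valid_login": len(login_safe(conn, "1000", "s3cret")),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s)")
```

Where the injected text lands matters for what the attacker gets back: in the last field evaluated it turns the whole WHERE clause true and every row is returned, as the text describes; in the first field it only bypasses the password check for that one account. Either way the parameterized version returns no rows, because the database never parses the input as SQL. In PHP the equivalent fix is a prepared statement with bound parameters (PDO or mysqli) rather than string interpolation into mysql_query().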