OK, here you go: a quick test to see if you are vulnerable to SQL injection.
In your login form, use Username: admin'--
The single quote closes the username string and the `--` starts a SQL comment, so everything after the username in the query is commented out.
Example:
* SELECT * FROM members WHERE username = 'admin'--' AND password = 'password'
If the application builds its query by pasting the form input into the SQL text like this, you will be logged in as the admin user, because the rest of the SQL query (the password check) is ignored.
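The same check run against a vulnerable and a fixed login routine, as an added example that is not code from the original post. It assumes an in-memory SQLite database with a constructed `members` row; the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data. The plaintext password only mirrors the
    # page's query; a real application stores a password hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT, password TEXT)")
    db.execute("INSERT INTO members VALUES ('admin', 's3cret-constructed')")
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern: form input becomes part of the SQL text, so a
    # quote in the username ends the string and "--" comments out the rest.
    query = ("SELECT username FROM members WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password):
    # Fixed pattern: placeholders keep input as data, so the quote and
    # "--" are just characters in a username that matches no row.
    query = "SELECT username FROM members WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None

def quote_breaks_concatenated(db):
    # A legitimate name containing a quote produces a syntax error in the
    # concatenated query; such errors in logs are another sign of the flaw.
    try:
        login_concatenated(db, "o'brien", "x")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    probe = ("admin'--", "password")  # the test input from the post
    print("concatenated accepts probe: ", login_concatenated(db, *probe))
    print("parameterized accepts probe:", login_parameterized(db, *probe))
    print("quote causes SQL error:     ", quote_breaks_concatenated(db))
```

If the first line prints `True` for your own login code, the query is being assembled from raw input and needs to move to placeholders.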
Wiredwizrd

Located in Raleigh, NC, Morgan Todd has 15+ years of experience as a Sr. IT Analyst and Freelance Developer, working in lead positions with various high-energy companies and marketing firms, securing and developing enterprise-level applications. A professional penetration tester, performing code review and pen testing for PCI DSS, HIPAA, and SOX compliance, functionality, and best practices for various corporate clients.
