发表新帖
发表新帖

Found 'OR 1=1/* sql injection in my newsletter database

后端 未结
关注
4 1415
北海茫月
北海茫月 2021-02-07 04:02

I found the following in the \"e-mail\" field of my newsletter subscriber database: \' OR 1=1/*

I know it\'s a SQL injection, but that\'s it. I\'ve goog

相关标签:
4条回答
  • 日久生厌
    2021-02-07 04:35

    It probably aimed to select all the informations in your table. If you use this kind of query (for example in PHP) :

    mysql_query("SELECT * FROM newsletter WHERE email = '$email'");

    The email ' OR 1=1/* will give this kind of query :

    mysql_query("SELECT * FROM newsletter WHERE email = '' OR 1=1/*");

    So it selects all the rows (because 1=1 is always true and the rest of the query is 'commented'). But it was not successful

    • if strings used in your queries are escaped
    • if you don't display all the queries results on a page...
    0 讨论(0)
  • 傲寒
    2021-02-07 04:39

    'OR 1=1 is an attempt to make a query succeed no matter what
    The /* is an attempt to start a multiline comment so the rest of the query is ignored.

    An example would be 

    SELECT userid 
FROM users 
WHERE username = ''OR 1=1/*' 
    AND password = ''
    AND domain = ''

    As you can see if you were to populate the username field without escaping the ' no matter what credentials the user passes in the query would return all userids in the system likely granting access to the attacker (possibly admin access if admin is your first user). You will also notice the remainder of the query would be commented out because of the /* including the real '.

    The fact that you can see the value in your database means that it was escaped and that particular attack did not succeed. However, you should investigate if any other attempts were made.

    0 讨论(0)
  • 轻奢々
    2021-02-07 04:48

    Its better if you use validation code to the users input for making it restricted to use symbols and part of code in your input form. If you embeed php in html code your php code have to become on the top to make sure that it is not ignored as comment if a hacker edit the page and add /* in your html code

    0 讨论(0)
  • 死守一世寂寞
    2021-02-07 04:52

    The specific value in your database isn't what you should be focusing on. This is likely the result of an attacker fuzzing your system to see if it is vulnerable to a set of standard attacks, instead of a targeted attack exploiting a known vulnerability.

    You should instead focus on ensuring that your application is secure against these types of attacks; OWASP is a good resource for this.

    If you're using parameterized queries to access the database, then you're secure against Sql injection, unless you're using dynamic Sql in the backend as well.

    If you're not doing this, you're vulnerable and you should resolve this immediately.

    Also, you should consider performing some sort of validation of e-mail addresses.

    0 讨论(0)
 看不清?
提交回复
热议问题