SQL Injection: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Zeile 1: | Zeile 1: | ||
=Vorüberlegung= | =Vorüberlegung= | ||
==Verhaltensweise einer SQL Abfrage== | ==Verhaltensweise einer SQL Abfrage== | ||
+ | ;Normale Abfrage | ||
*MariaDB [sql_injections]> select * from users where username = 'rudi.burkart'; | *MariaDB [sql_injections]> select * from users where username = 'rudi.burkart'; | ||
+------+--------------+----------+ | +------+--------------+----------+ | ||
Zeile 8: | Zeile 9: | ||
+------+--------------+----------+ | +------+--------------+----------+ | ||
1 row in set (0.000 sec) | 1 row in set (0.000 sec) | ||
− | + | ;Oder Verknüpfung | |
+ | *MariaDB [sql_injections]> select * from users where username = 'rudi.burkart' or username = 'hans.will'; | ||
+ | +------+--------------+----------+ | ||
+ | | id | username | password | | ||
+ | +------+--------------+----------+ | ||
+ | | 2 | rudi.burkart | secret | | ||
+ | | 1 | hans.will | geheim | | ||
+ | +------+--------------+----------+ | ||
+ | 2 rows in set (0.000 sec) | ||
[[Datei:Sql-injection-1.png]] | [[Datei:Sql-injection-1.png]] |
Version vom 15. Juni 2021, 18:29 Uhr
Vorüberlegung
Verhaltensweise einer SQL Abfrage
- Normale Abfrage
- MariaDB [sql_injections]> select * from users where username = 'rudi.burkart';
+------+--------------+----------+ | id | username | password | +------+--------------+----------+ | 2 | rudi.burkart | secret | +------+--------------+----------+ 1 row in set (0.000 sec)
- Oder Verknüpfung
- MariaDB [sql_injections]> select * from users where username = 'rudi.burkart' or username = 'hans.will';
+------+--------------+----------+ | id | username | password | +------+--------------+----------+ | 2 | rudi.burkart | secret | | 1 | hans.will | geheim | +------+--------------+----------+ 2 rows in set (0.000 sec)