This topic contains 1 reply, has 2 voices, and was last updated by VOIDPCB 2 months ago.
- April 2, 2020 at 12:36 am #228819
So I have a class about programming and security and the way we are evaluated is we have to make possible exam questions about the topics we learned that week. We have to look for articles and make a question, multiple choice answers and the reason why an answer is wrong/correct.
Last class we learned about SQL injection and I thought I would make the question like “what SQL injection technique was used in this attack?”. But every article I found doesn’t talk about the technique used they say “stole information using SQL injection” but nothing more…
So I don’t know what questions I can make from that… Would appreciate the help.
- April 2, 2020 at 12:36 am #228820
[Here](https://hackaday.com/?s=SQL+injection) are a few SQL injection examples.
- April 2, 2020 at 12:36 am #228821
For example the website accesses its database with
” SELECT product_name FROM table1 ”
The product name is supplied through user input.
You could inject
” ‘ UNION SELECT pw from table2 ## ”
What this does is it would make the product name blank and join another table and finally comment out the rest of the remaining SQL string cuz u dont need it.
This is super super simplified
You must be logged in to reply to this topic.