Jump to content

The ultimate question

ERO!

By ERO!
in The Coliseum of Chatter

 Share

Recommended Posts

Nosebleed Fuwa Cheater

Nosebleed

Posted
Posted

Honestly, i dont get it

 

In SQL, commands are separated by semicolons ; and data is often quoted using single quotes '. Commands may also be enclosed in parentheses( and ). Data is stored in tables of similar items (e.g. students) and individual entries are "rows" in the table. To delete an entire table (and every row of data in that table), you use the commandDROP (e.g. DROP TABLE students). The -- represents the start of a SQL comment which ensures that the rest of the command is ignored so an error will not occur.

The exploited vulnerability is that the single quote in the name input was not properly "escaped" by the software. Thus, when the name is embedded into some SQL statement, the quote is erroneously parsed as a closing quote inside that statement, rather than being parsed as part of the name. Lack of such escaping is a common SQL vulnerability; this type of exploit is referred to as SQL injection.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...