Department of Mathematics and Computer Science

www.univ-soukahras.dz/ar/dept/mi

Course: Computer Security


SQL injection

0 votes

Who can explain to me what is meant by SQL injection?

Posted at 18:43, Thursday 19 May 2016 by mohammed tebib (377 points)
In Computer Security


Answers (1)




Answer (1)

2 votes

This attack is performed on a web site that uses an SQL database with poor code, most commonly on the login screen.

For example, if the login is performed with this simple query:

SELECT id FROM users WHERE username='user1' AND password='pass1';

The injector starts testing by entering a single quote in the user field:

SELECT id FROM users WHERE username=''' AND password='pass1';

While the single quote is a special char in SQL, this will produce a syntax error; then the injector will know that this site is infected, so he starts the injection, for example by entering ' OR '1'='1 :

SELECT id FROM users WHERE username='' OR '1'='1' AND password='' OR '1'='1';

The command will force the web site to log in because the evaluation of OR '1'='1' is always true, and log in with the first user in the database table, and so on. This is a simple explanation; there are a lot of other techniques to do it.

Hope this was useful.

Posted at 18:12, Friday 20 May 2016 by Mouadh Bekhouche (17 points)
In Computer Security
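
Added example (not part of the original answer): the three inputs from the answer are run against a login query built by string concatenation, next to the same query with bound parameters. The in-memory SQLite database, the sample rows and the function names are assumptions made for this example.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory SQLite database. The schema
    # mirrors the answer's query; a real system stores password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("user1", "pass1"), ("user2", "pass2")])
    return db

def login_concatenated(db, username, password):
    # Vulnerable form from the answer: input is pasted into the SQL text,
    # so a quote in the input changes the structure of the query.
    query = ("SELECT id FROM users WHERE username='" + username +
             "' AND password='" + password + "';")
    try:
        row = db.execute(query).fetchone()
    except sqlite3.OperationalError:
        # The database rejected the statement (the lone-quote case).
        return "syntax error"
    return row[0] if row else None

def login_parameterized(db, username, password):
    # Hardened form: the query text is fixed and the values are bound
    # separately, so they are always treated as data, never as SQL.
    row = db.execute("SELECT id FROM users WHERE username=? AND password=?",
                     (username, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    cases = [("user1", "pass1"), ("'", "pass1"), ("' OR '1'='1", "' OR '1'='1")]
    for user, pw in cases:
        print(repr(user), "concatenated:", login_concatenated(db, user, pw),
              "| parameterized:", login_parameterized(db, user, pw))
```

With bound parameters, the single quote and the OR '1'='1 input are compared as literal strings, match no row, and the login is refused.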


