A webpage URL ending in /product.php?id=1 generates a query like SELECT * FROM products WHERE id=1. The beginning of the SQL query cannot be modified, since it is generated by the PHP source code that runs on the server.

To test whether a website is vulnerable, a single quote ' can be appended to the URL, as in /product.php?id=1', which generates an incorrect SQL query: SELECT * FROM products WHERE id=1'. Appending an odd number of single quotes causes an error, while an even number of single quotes does not.

If some kind of error message is shown, this indicates that the website is vulnerable. If the webpage remains the same or isn't found, this means it is not vulnerable.
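The single-quote check can be reproduced against your own code to confirm a fix. The following is an added example, not code from the original page: it uses Python's sqlite3 as a stand-in for the PHP and database backend (an assumption, as are the function names and sample rows) and compares a query built by string concatenation with a validated, parameterized one.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for the site's products table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "widget"), (2, "gadget")])
    return db


def lookup_concatenated(db, raw_id):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so id=1' produces the broken query shown in the article.
    sql = "SELECT * FROM products WHERE id=" + raw_id
    return db.execute(sql).fetchall()


def lookup_parameterized(db, raw_id):
    # Hardened pattern: reject non-integers, then bind the value as data.
    try:
        product_id = int(raw_id)
    except ValueError:
        return []  # behaves like "product not found", no SQL is run
    return db.execute("SELECT * FROM products WHERE id=?",
                      (product_id,)).fetchall()


def probe(db, lookup, raw_id):
    # Report whether the input reached the SQL parser and broke it.
    try:
        return ("ok", lookup(db, raw_id))
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized):
        for value in ("1", "1'"):
            print(fn.__name__, repr(value), probe(db, fn, value))
```

The concatenated lookup reports a database error for the quoted input, which is the signal the article describes; the parameterized lookup returns an empty result for the same input because the quote never reaches the SQL parser.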