Is this site vulnerable to an SQL injection attack? [closed]

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center. Closed 11 years ago.

I am visiting a site and I mistakenly entered a single quote while I was trying to hit the enter key.

The URL that got sent is: http://www.domain.tld/link.php?id=2603' (censored :) )

Resulting in the following response from the site:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

I've tried to do: http://www.domain.tld/link.php?id=2603; SHOW TABLES; But that didn't work :P

So my question is: is this site vulnerable to SQL injection?


Most likely yes. Without getting into the details of how to perform an actual injection attack, you could try something like:

http://www.domain.tld/link.php?id=2603';malicious code --

Incidentally, I HIGHLY recommend that you not dink around with this too diligently. Accessing other computers in an unauthorized manner is against the law in the US and many other countries, and if you do something damaging, they can come after you. The best bet is to contact the site's owner and let them know exactly what you're seeing so that they can address the issue.

0
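Why a stray quote produces that error, and what the site owner's fix looks like, as an added example that is not part of the original question or answer and is not the site's code. It assumes a hypothetical `links` table and handler functions, and uses an in-memory SQLite database as a stand-in for the site's MySQL server, so the error wording differs from the one quoted above.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data; SQLite in memory stands in for the site's MySQL.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE links (id INTEGER PRIMARY KEY, url TEXT)")
    db.execute("INSERT INTO links VALUES (2603, 'https://example.org/')")
    return db


def lookup_concatenated(db, raw_id):
    """Pattern the error message points to: the parameter is pasted into the
    SQL text and the database error is echoed back to the visitor."""
    sql = "SELECT url FROM links WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return 500, "SQL error: %s" % exc  # leaks parser details to the client
    return (200, row[0]) if row else (404, "not found")


def lookup_parameterized(db, raw_id):
    """Hardened form: check the type, bind the value, keep errors server-side."""
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return 400, "bad request"
    try:
        row = db.execute(
            "SELECT url FROM links WHERE id = ?", (int(raw_id),)
        ).fetchone()
    except sqlite3.Error:
        return 500, "internal error"  # detail belongs in the server log only
    return (200, row[0]) if row else (404, "not found")


if __name__ == "__main__":
    db = make_db()
    # The two values from the question's URLs, plus the normal request.
    for value in ("2603", "2603'"):
        print(repr(value), lookup_concatenated(db, value))
    for value in ("2603", "2603'", "2603; SHOW TABLES;"):
        print(repr(value), lookup_parameterized(db, value))
```
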
