Monday, February 25, 2013

SQL injection

SQL injection is outdated, but if you have a website that is based on database queries, do check whether it is vulnerable to SQL injection.
A simple example of a SQL injection attack is to use the single quotation mark as part of an input value to a Web page. The database server ignores everything after "--" or "#" because these characters are the single-line comment sequence. Another example of a SQL injection attack is making the condition true by giving identical values to a Web page, so that the comparison always holds.
These values can be inserted into a login as follows:
o Login: 1' or '1'='1 and Password= 1' or '1'='1
o Login: 1' or '1'='1';--
o Login: admin'--
o Login: admin'#
Measures to prevent SQL injection:
o Validate input to guard against SQL injection
o Use JavaScript that allows only known good input to pass from the Web server to the database server.
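
The login values listed above, run against a login check built by string concatenation and against one that allows only known good input and passes values as query parameters. This is an added example, not part of the original post. The table, account and function names are assumptions, the validation runs on the server, query parameters go beyond the measures listed, and SQLite is used so it runs offline (SQLite treats "--" as a comment but not "#").

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: one account in an in-memory database.
    # Plaintext password only to keep the demo short; store a hash in practice.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, login, password):
    # Input is pasted into the SQL text, so a quote or "--" rewrites the query.
    sql = ("SELECT login FROM users WHERE login = '" + login +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

# Allow-list of known good login characters (assumed policy for this demo).
LOGIN_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def login_hardened(db, login, password):
    # Input validation: reject anything outside the allow-list.
    if not LOGIN_RE.fullmatch(login):
        return False
    # Placeholders: the driver sends the values as data, never as SQL text.
    sql = "SELECT login FROM users WHERE login = ? AND password = ?"
    return db.execute(sql, (login, password)).fetchone() is not None

def run_demo():
    db = make_db()
    attempts = [
        ("admin", "s3cret-constructed"),    # legitimate login
        ("1' or '1'='1", "1' or '1'='1"),   # condition made always true
        ("admin'--", "x"),                  # password check commented out
        ("admin", "1' or '1'='1"),          # valid login name, hostile password
    ]
    return [(login, login_vulnerable(db, login, pw), login_hardened(db, login, pw))
            for login, pw in attempts]

if __name__ == "__main__":
    for login, weak, hardened in run_demo():
        print(f"{login!r:18} vulnerable={weak} hardened={hardened}")
```

The last attempt passes the login allow-list, so it is the bound parameter alone that keeps the password value from being read as SQL.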
