Differences

This shows you the differences between two versions of the page.

--- sql_injection [2019/10/05 16:11]
acm
+++ sql_injection [2019/10/05 18:51] (current)
acm
@@ Line 21: / Line 21: @@
 </code>
 Since 1 = 1 is always true, and any OR statement with a clause that is always true will also always be true, this statement will return every password in the database.
+=== Batched SQL Statements ===
+Another more powerful form of SQL Injection is using Batched SQL Statements. This allows us to write full SQL statements that are then executed by the server, rather than being limited to just modifying an existing statement. This works by closing out all open and expected inputs in the existing statement, ending it with a ';', and then providing a new statement of the attacker's own design. Randall Munroe, the creator of XKCD, provides an excellent example in the comic below.
+{{ :exploits_of_a_mom.png }}
+The SQL statement on the school's program probably looks something like the following:
+<code>
+“INSERT INTO Students VALUES (‘“ + firstName “‘,’”  +  lastName + “‘);”
+</code>
+Thanks to the specific nature of little Bobby's name, the statement that the server runs is:
+<code>
+INSERT INTO Students VALUES(‘Robert’); DROP TABLE STUDENTS;
+</code>
+This causes the software to delete the entire student table after inserting Robert into the table. This works as putting a semicolon into a SQL statement allows us to execute more than one statement per line.
+=== References ===
+https://www.w3schools.com/sql/sql_injection.asp \\
+https://appdividend.com/2019/07/18/sql-injection-example-what-is-sql-injection/ \\
+https://www.xkcd.com/327/ \\
+https://www.owasp.org/index.php/Blind_SQL_Injection \\

UT Martin Cyber Ambassadors

User Tools

Site Tools

Differences

Page Tools