SQL Injection

SQL (pronounced "sequel"), or Structured Query Language, is a language used to access, modify, or insert data in a database. The backend of many modern web applications is an SQL-based database. Most applications won't let us access the database directly, but if the application does not filter user input, we can supply specially crafted input that changes the SQL queries to do what we want. This technique is known as SQL Injection.

OR 1 = 1

One of the simplest forms of SQL Injection is the 'OR 1=1' injection. As an example, let's say an application has a feature that lets you type in your username and, in return, shows you your password (there are several security reasons a feature like this should not exist, but let's just say it does). The SQL statement that feature uses to retrieve the password may look something like this:

SELECT password FROM users WHERE username='$username';

Normally the user would input his or her name, $username would store that value, and the statement would look something like this:

SELECT password FROM users WHERE username='bob';
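The following is an added example, not code from the wiki: it builds the same query two ways against a constructed in-memory SQLite "users" table (sample rows, helper names such as lookup_vulnerable and lookup_parameterized are all assumptions), so you can see that the string-substituted form returns every password when the username field carries an OR 1=1 condition, while the parameterized form treats that same input as just an unusual username and returns nothing.

```python
import sqlite3

# Constructed sample data standing in for the page's "users" table.
SAMPLE_USERS = [("alice", "hunter2"), ("bob", "correct horse"), ("carol", "s3cret")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Builds the statement by substituting the value into the text, exactly
    like the page's WHERE username='$username'. Whatever the user types
    becomes part of the SQL itself."""
    sql = f"SELECT password FROM users WHERE username='{username}'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, username):
    """Hardened form: the ? placeholder passes the value to the driver
    separately from the statement, so it is never parsed as SQL."""
    sql = "SELECT password FROM users WHERE username=?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))


# The page's OR 1=1 input. Substituted into the vulnerable statement it yields
#   WHERE username='x' OR 1=1 OR username=''
# which is true for every row, so every password comes back.
OR_1_EQUALS_1 = "x' OR 1=1 OR username='"


def demo():
    """Run both lookups with a normal username and with the OR 1=1 input."""
    conn = make_db()
    return {
        "normal_vuln": lookup_vulnerable(conn, "bob"),
        "normal_param": lookup_parameterized(conn, "bob"),
        "injected_vuln": lookup_vulnerable(conn, OR_1_EQUALS_1),
        "injected_param": lookup_parameterized(conn, OR_1_EQUALS_1),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15s} -> {rows}")
```

The fix is not input filtering but keeping data out of the statement text: with the placeholder the database compares the literal string "x' OR 1=1 OR username='" against the username column and finds no match.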

Now let's say I'm a hacker who wants to get the passwords of all the users in the system, but I'm not quite sure what their usernames are. What

sql_injection.1569945372.txt.gz · Last modified: 2019/10/01 10:56 by acm