A quick posting about a fun SQL injection I cracked last week (of course, it's only when you've cracked them that they're fun!). A colleague had found the classic sign of a problem – add a single quote and you get an error – but was having no luck doing anything more. I was getting nowhere with my test so I thought I'd take a look for a change of scene. The input field was in a search box so, for example, search=keyword' returned an error but search=keyword'' was fine. Anything more exciting than that, however, such as search=keyword' and '1'='1 , didn't seem to work as expected: in this case, an error was returned instead of the same set of results that the normal search=keyword produced.
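To make the three probes concrete, here is an added Python harness that is not part of the original post. It runs the same single-quote, doubled-quote and tautology probes against a deliberately vulnerable search function (a hypothetical LIKE query built by string concatenation over an in-memory SQLite table filled with constructed sample rows) and against a parameterised version of the same search, classifying each response as an error, the baseline result set, or a different result set. The vulnerable query reproduces the first two observations (a lone quote errors, a doubled quote does not) but not the third: with this simple query shape the tautology returns an empty result set rather than an error, which shows that the query the author was facing was not this straightforward concatenation. The table, rows, query shape and function names are all assumptions.

```python
import sqlite3

# Constructed sample data (not from the original post).
ROWS = [("alpha widget",), ("beta widget",), ("gamma gadget",)]


def make_db():
    """In-memory SQLite catalogue to probe against (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?)", ROWS)
    return conn


def search_vulnerable(conn, term):
    """Assumed vulnerable shape: the search term is concatenated straight
    into a quoted LIKE pattern, so a lone quote breaks the SQL."""
    sql = ("SELECT name FROM products WHERE name LIKE '%" + term + "%' "
           "ORDER BY name")
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Parameterised version: the term is passed as data, never as SQL.
    (LIKE wildcards in the term are deliberately not escaped here.)"""
    sql = "SELECT name FROM products WHERE name LIKE ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


# The three probes from the post, as templates around the keyword.
PROBES = {
    "single quote": "{kw}'",
    "doubled quote": "{kw}''",
    "tautology": "{kw}' and '1'='1",
}


def classify(search, conn, keyword):
    """Run each probe and compare its outcome with the plain keyword search.
    Returns a dict of probe name -> 'error' | 'same as baseline' | 'different results'."""
    baseline = search(conn, keyword)
    outcome = {}
    for name, template in PROBES.items():
        term = template.format(kw=keyword)
        try:
            rows = search(conn, term)
        except sqlite3.Error:
            # A database error leaking out is the classic sign the post describes.
            outcome[name] = "error"
            continue
        outcome[name] = "same as baseline" if rows == baseline else "different results"
    return outcome


if __name__ == "__main__":
    for label, fn in (("vulnerable", search_vulnerable), ("safe", search_safe)):
        print(label, classify(fn, make_db(), "widget"))
```

Against the vulnerable function the single-quote probe raises an SQLite syntax error, the doubled quote is parsed as an escaped quote and simply matches nothing, and the tautology collapses to `'1'='1%'`, which is false, so it returns no rows instead of erroring. The parameterised function never errors on any of the three, it just searches for the literal characters.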
produced. Continue reading
SQL Injection in Search Fields
6 Replies