Matt Magallo - 7 months ago
SQL Question

Q: Login SQL Injection

So I have here a classic login SELECT statement:

SELECT * FROM users WHERE username = '{var}' AND password = md5('{var}')


Attack:

SELECT * FROM users WHERE username = 'admin' -- ' AND password = md5('{var}')


My question is: would it still be susceptible to SQL injection if I use this statement:

SELECT * FROM users WHERE password = md5('{var}') AND username = '{var}'

gbn
Answer

Yes

Just set user name variable to xxx' OR 1=1-- which becomes

...AND username = 'xxx' OR 1=1--

Parametrise correctly
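
As an added example (not part of the original question or answer), the following runs the reordered statement from the question against an in-memory SQLite database, once built by string substitution and once with bound parameters. The table contents, the function names and the registered md5() helper are assumptions made for the illustration.

```python
import hashlib
import sqlite3


def make_db():
    """Build an in-memory users table with one constructed sample account."""
    conn = sqlite3.connect(":memory:")
    # SQLite has no built-in md5(); register one so the page's query runs as written.
    # md5 is kept only to mirror the statement in the question.
    conn.create_function(
        "md5", 1, lambda s: hashlib.md5(str(s).encode()).hexdigest()
    )
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, md5(?))", ("admin", "s3cret"))
    return conn


def login_concatenated(conn, username, password):
    """Reordered statement from the question, built by string substitution."""
    sql = (
        "SELECT * FROM users WHERE password = md5('%s') AND username = '%s'"
        % (password, username)
    )
    return conn.execute(sql).fetchall()


def login_parameterised(conn, username, password):
    """Same statement with placeholders; the driver passes values as data."""
    sql = "SELECT * FROM users WHERE password = md5(?) AND username = ?"
    return conn.execute(sql, (password, username)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "xxx' OR 1=1--"  # the username value given in the answer
    # Swapping the column order does not help: the OR clause still matches.
    print("concatenated :", login_concatenated(db, crafted, "wrong"))
    # Bound parameter: the whole string is compared as a literal username.
    print("parameterised:", login_parameterised(db, crafted, "wrong"))
    print("valid login  :", login_parameterised(db, "admin", "s3cret"))
```

With placeholders the quote and comment characters never reach the SQL parser as syntax, so the column order in the WHERE clause is irrelevant to safety.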
