First page Back Continue Last page Overview Graphics

SQL (?) injection

Many embedded apps don't use a SQL db
- SQLite, file based db being used more
- Depending on how data is stored, similar techniques could be used
Abuses SQL queries with crafted data from form variables:

SELECT id FROM users WHERE name='$name' AND pass='$pass' if $pass is: ' OR 1=1 -- query becomes: SELECT id FROM users WHERE name='$name' AND pass='' OR 1=1 --'

SQL (?) injection

Many embedded apps don't use a SQL db

Abuses SQL queries with crafted data from form variables: