SQL injection

G

g--g

Can anyone supply me with ONE SINGLE example of how anyone could use
SQL injection in a dynamic SQL statement when the system is programmed
to remove: "single quotes", "semi-colon", and "double dashes" in all
input parameters passed to the SQL syntax?

I can't seem to find one example of SQL injection that does not
require the use of these SQL delimiters...

Thanks for any response.
 
G

Greg Young

SELECT * FROM FOO WHERE ID=VALUE

Assuming value is an int coming from a drop-down list value...

Using a proxy, change the integer to ... 8 OR 1=1

Cheers,

Greg
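
Added example, not part of either post: the filter from the question next to the numeric query from the reply, run against an in-memory SQLite table, followed by two hardened lookups. The table contents, function names and the use of SQLite are assumptions made for illustration.

```python
import sqlite3

def strip_delimiters(value: str) -> str:
    """The filter described in the question: drop ', ; and -- from input."""
    for token in ("'", ";", "--"):
        value = value.replace(token, "")
    return value

def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for FOO."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO foo VALUES (?, ?)",
                     [(7, "alice"), (8, "bob"), (9, "carol")])
    return conn

def lookup_filtered(conn: sqlite3.Connection, raw_id: str):
    """Dynamic SQL behind the delimiter filter. The value lands in an
    unquoted numeric context, so the filter has nothing to remove."""
    sql = "SELECT * FROM foo WHERE id=" + strip_delimiters(raw_id)
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, raw_id: str):
    """Bound parameter: the value is compared as data, never parsed as SQL."""
    return conn.execute("SELECT * FROM foo WHERE id=?", (raw_id,)).fetchall()

def lookup_validated(conn: sqlite3.Connection, raw_id: str):
    """Enforce the expected type, then bind. int() raises ValueError
    for anything that is not an integer literal."""
    return conn.execute("SELECT * FROM foo WHERE id=?",
                        (int(raw_id),)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    tampered = "8 OR 1=1"  # the value from the reply above
    print("after filter  :", repr(strip_delimiters(tampered)))
    print("filtered query:", lookup_filtered(conn, tampered))
    print("parameterized :", lookup_parameterized(conn, tampered))
    try:
        lookup_validated(conn, tampered)
    except ValueError as exc:
        print("validated     : rejected,", exc)
```

The filtered query returns every row because the tampered value contains none of the stripped characters; the bound and type-checked versions return no rows or reject the input.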
 
