changes inside the presentation for better understanding of the topic

This commit is contained in:
Stefan Friese 2024-05-06 15:22:43 +00:00
parent 502a8b34b2
commit ac54047097
2 changed files with 10 additions and 5 deletions

View File

@ -139,8 +139,8 @@ class="sourceCode sql"><code class="sourceCode sql"><span id="cb1-1"><a href="#c
<section class="slide level1"> <section class="slide level1">
<h3 id="number-2">Number 2</h3> <h3 id="number-2">Number 2</h3>
<p>User input is possible inside a value of type string as a part of <p>User input is possible as a part of said SQL query. Input is
said SQL query.</p> delimited, e.g. by <code>'</code> characters.</p>
<div class="sourceCode" id="cb2"><pre <div class="sourceCode" id="cb2"><pre
class="sourceCode sql"><code class="sourceCode sql"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span></span> class="sourceCode sql"><code class="sourceCode sql"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span></span>
<span id="cb2-2"><a href="#cb2-2" aria-hidden="true" tabindex="-1"></a> <span class="kw">cursor</span>.<span class="kw">execute</span>(</span> <span id="cb2-2"><a href="#cb2-2" aria-hidden="true" tabindex="-1"></a> <span class="kw">cursor</span>.<span class="kw">execute</span>(</span>
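Review bot: The rewritten sentence "Input is delimited, e.g. by `'` characters." leaves out who does the delimiting and why it matters; in the query built below it is the application that wraps the user-supplied value in single quotes, and that quote is precisely what the attacker has to close. Suggest "The application places the user input between `'` delimiters, so a `'` inside the input closes the string early." so the point of the slide is explicit before the "Close the existing string" step.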
@ -166,6 +166,7 @@ class="sourceCode sql"><code class="sourceCode sql"><span id="cb3-1"><a href="#c
</blockquote> </blockquote>
<ul> <ul>
<li class="fragment">Close the existing string with: <code>'</code></li> <li class="fragment">Close the existing string with: <code>'</code></li>
<li class="fragment">Concatenate a second query: <code>or</code></li>
<li class="fragment">Write a query that equals to True: <li class="fragment">Write a query that equals to True:
<code>1=1</code></li> <code>1=1</code></li>
<li class="fragment">End the SQL query through a comment: <li class="fragment">End the SQL query through a comment:
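Review bot: The added bullet "Concatenate a second query: `or`" is inaccurate; `or` does not start a second query, it joins a second condition to the same `WHERE` clause (the statement is still one `SELECT`). Suggest "Append a second condition with `or`" so the step matches the `'' or '1' = '1'` example on the following slide.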
@ -178,7 +179,9 @@ class="sourceCode sql"><code class="sourceCode sql"><span id="cb3-1"><a href="#c
Like</h3> Like</h3>
<div class="sourceCode" id="cb4"><pre <div class="sourceCode" id="cb4"><pre
class="sourceCode sql"><code class="sourceCode sql"><span id="cb4-1"><a href="#cb4-1" aria-hidden="true" tabindex="-1"></a><span class="kw">SELECT</span> <span class="op">*</span> <span class="kw">FROM</span> users <span class="kw">WHERE</span> username <span class="op">=</span> <span class="st">&#39;&#39;</span> <span class="kw">or</span> <span class="st">&#39;1&#39;</span> <span class="op">=</span> <span class="st">&#39;1&#39;</span> <span class="co">-- - AND password &#39;%s&#39;</span></span></code></pre></div> class="sourceCode sql"><code class="sourceCode sql"><span id="cb4-1"><a href="#cb4-1" aria-hidden="true" tabindex="-1"></a><span class="kw">SELECT</span> <span class="op">*</span> <span class="kw">FROM</span> users <span class="kw">WHERE</span> username <span class="op">=</span> <span class="st">&#39;&#39;</span> <span class="kw">or</span> <span class="st">&#39;1&#39;</span> <span class="op">=</span> <span class="st">&#39;1&#39;</span> <span class="co">-- - AND password &#39;%s&#39;</span></span></code></pre></div>
<p><em>Numbers as strings is an SQLite specific thing</em></p> <p>You can see thath the value of username has been closed by the
<code>'</code> character.<br />
<em>Numbers as strings is an SQLite specific thing</em></p>
</section> </section>
<section class="slide level1"> <section class="slide level1">
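Review bot: Typo in the added sentence: "thath" should be "that". Two smaller points in the surrounding lines of this slide: the commented-out tail `AND password '%s'` is missing the `=` (`AND password = '%s'`) and so does not mirror the `username = '%s'` form it is meant to illustrate, and `'1' = '1'` is a plain string-literal comparison that works in every major SQL dialect, so the remark "Numbers as strings is an SQLite specific thing" is misleading and could be dropped or reworded.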

View File

@ -34,7 +34,8 @@ sql_query =
### Number 2 ### Number 2
User input is possible inside a value of type string as a part of said SQL query. User input is possible as a part of said SQL query. Input is delimited, e.g. by
`'` characters.
```sql ```sql
sql_query = sql_query =
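Review bot: Same wording issue as in the HTML version of this slide: "Input is delimited, e.g. by `'` characters." does not say that it is the application that wraps the value in single quotes, which is the reason a `'` in the input breaks out of the string. Suggest "The application places the user input between `'` delimiters, so a `'` inside the input closes the string early."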
@ -60,6 +61,7 @@ sql_query =
>``` >```
* Close the existing string with: `'` * Close the existing string with: `'`
* Concatenate a second query: `or`
* Write a query that equals to True: `1=1` * Write a query that equals to True: `1=1`
* End the SQL query through a comment: `-- -` * End the SQL query through a comment: `-- -`
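Review bot: "Concatenate a second query: `or`" is inaccurate here as well; `or` adds a second condition to the same `WHERE` clause rather than starting a second query. Suggest "Append a second condition with `or`" to match the `'' or '1' = '1'` example below.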
@ -70,7 +72,7 @@ sql_query =
```SQL ```SQL
SELECT * FROM users WHERE username = '' or '1' = '1' -- - AND password '%s' SELECT * FROM users WHERE username = '' or '1' = '1' -- - AND password '%s'
``` ```
You can see thath the value of username has been closed by the `'` character.
*Numbers as strings is an SQLite specific thing* *Numbers as strings is an SQLite specific thing*
--- ---
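Review bot: Typo in the added line: "thath" should be "that". As in the HTML slide, the context lines also carry `AND password '%s'` without the `=` (`AND password = '%s'` would mirror `username = '%s'`), and `'1' = '1'` is a string comparison valid in all major SQL dialects, so "Numbers as strings is an SQLite specific thing" is misleading.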