Stefan Friese 2022-11-14 00:58:35 +01:00
parent 801eace271
commit 592b45106b
1 changed files with 2 additions and 2 deletions


@ -1,6 +1,6 @@
# SQL Injection
In an SQL injection an SQL command is ended prematurely through setting the quote earlier than intended by the original programmer. The malicious command is then ended by an SQL comment to ignore the following parts of the original SQL command.
In an SQL injection an SQL statement is ended prematurely through setting the quote earlier than intended by the original programmer. The malicious command is then ended by an SQL comment to ignore the following parts of the original SQL statement.
A piece of understanding the way of injecting malicious SQL commands is to understand the syntax of [MySQL Comments](https://blog.raw.pm/en/sql-injection-mysql-comment/).
* [OWASP SQLi Docs](https://www.owasp.org/index.php/SQL_Injection)
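Review bot: the terminology change is only half applied in this hunk. The first sentence now says "SQL statement", but the same line still reads "The malicious command is then ended by an SQL comment", and the unchanged context line below it still speaks of "injecting malicious SQL commands"; if "statement" is the preferred term, change those occurrences in the same commit so the section uses one word throughout. While touching this paragraph, "A piece of understanding the way of injecting malicious SQL commands is to understand the syntax of" reads awkwardly; something like "Part of understanding how to inject malicious SQL statements is knowing the syntax of" says the same thing more clearly.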
@ -72,7 +72,7 @@ http://example.com/?id=1' and (ascii(substr((select database(),1,1)) = 115 --+
Union based injections is an incremental and cautios approach.
Start by trying to provoke errors to validate a possible injection.
* _First method__ check by order until error occurs
* __First method__ check by order until error occurs
```sql
' order by 1 -- -
' order by 2 -- -
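Review bot: the markdown fix from `_First method__` to `__First method__` is correct, but the adjacent context line "Union based injections is an incremental and cautios approach." has a spelling error ("cautios" should be "cautious") and a subject-verb mismatch ("injections is"); since this commit is already a typo fix in this exact block, consider correcting that line too, e.g. "Union based injection is an incremental and cautious approach."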