A3:2021 | SQL Injection Intro (10) | Cycubix Docs
The query in the code builds a dynamic query by concatenating a number making it susceptible to Numeric SQL injection. Learn more about Numeric SQL Injection.
As in the previous example, the query in the code is built dynamically. This time it concatenates a number into the query, which makes it susceptible to numeric SQL injection:
Using the two Input Fields below, try to retrieve all the data from the users table.
Warning: Only one of these fields is susceptible to SQL Injection. You need to find out which, to successfully retrieve all the data.
The User_ID at the end is not part of the STRING, so it's going to be our vulnerable field.
We need a statement that always evaluates to true. We can insert 0 in the Login_count field and 1 OR 0=0 in the User_ID field.
Hint: You do not need to insert any quotations into your injection-string.
Login_count: 0
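
Why only one field is affected, and how to close it, as an added example (not code from the lesson or from WebGoat): the first function binds the login count but concatenates the user ID, the second validates and binds both. The `users` schema, the sample rows and the function names are assumptions made for this sketch.

```python
import sqlite3

def make_db():
    """Constructed sample data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid INTEGER, name TEXT, login_count INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", 0), (2, "bob", 3), (3, "carol", 7)])
    return db

def lookup_concat(db, login_count, user_id):
    # Half-fixed pattern: login_count is bound as a parameter, but user_id is
    # pasted into the SQL text, so the database parses it as part of the query.
    sql = "SELECT name FROM users WHERE login_count = ? AND userid = " + user_id
    return [row[0] for row in db.execute(sql, (int(login_count),))]

def lookup_bound(db, login_count, user_id):
    # Hardened pattern: require both inputs to be integers, then bind both as
    # parameters so they can only ever be compared as values.
    try:
        params = (int(login_count), int(user_id))
    except ValueError:
        return None  # non-numeric input is rejected before reaching the database
    sql = "SELECT name FROM users WHERE login_count = ? AND userid = ?"
    return [row[0] for row in db.execute(sql, params)]

if __name__ == "__main__":
    db = make_db()
    # Ordinary numeric input: both functions return the single matching row.
    print(lookup_concat(db, "0", "1"), lookup_bound(db, "0", "1"))
    # The value from the walkthrough: AND binds tighter than OR, so the
    # concatenated WHERE clause is true for every row in the table.
    print(lookup_concat(db, "0", "1 OR 0=0"))
    # The same value is rejected by the validated, fully bound version.
    print(lookup_bound(db, "0", "1 OR 0=0"))
```
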