SQL Injection Intro (10) | Numeric SQL Injection | Cycubix Docs
Try It! Numeric SQL injection
As in the previous example, the code builds a dynamic query. Here it does so by concatenating a number into the query string, which makes it susceptible to numeric SQL injection.
Using the two Input Fields below, try to retrieve all the data from the users table.
Warning: Only one of these fields is susceptible to SQL Injection. You need to find out which, to successfully retrieve all the data.
Solution
💡 Try to check which of the input fields is susceptible to an injection attack.
💡 Insert: 0 or 1 = 1 into the first input field. The output should tell you if this field is injectable.
💡 The first input field is not susceptible to SQL injection.
💡 You do not need to insert any quotations into your injection-string.
Login_count:
0
User_Id:
0 OR 1=1
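Why only one of the two fields is injectable, and how to close the hole, shown as an added example that is not part of the original lesson or of WebGoat's code. The table layout, sample rows and function names are assumptions; the model binds Login_count as a parameter and concatenates User_Id into the query text.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (userid INTEGER, name TEXT, login_count INTEGER)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(101, "alice", 0), (102, "bob", 3), (103, "carol", 7)],
    )
    return db


def lookup_vulnerable(db, login_count, user_id):
    # login_count is bound as data, so the database never parses it as SQL.
    # user_id is concatenated, so its text becomes part of the WHERE clause.
    sql = "SELECT name FROM users WHERE login_count = ? AND userid = " + user_id
    return [row[0] for row in db.execute(sql, (login_count,))]


def lookup_hardened(db, login_count, user_id):
    # int() rejects anything that is not a number (raises ValueError), and
    # both values are bound, so neither can change the query structure.
    sql = "SELECT name FROM users WHERE login_count = ? AND userid = ?"
    params = (int(login_count), int(user_id))
    return [row[0] for row in db.execute(sql, params)]


if __name__ == "__main__":
    db = make_db()
    # Normal lookup: one matching row.
    print(lookup_vulnerable(db, "0", "101"))
    # Bound first field: the string is compared as a value, nothing matches.
    print(lookup_vulnerable(db, "0 or 1 = 1", "101"))
    # Concatenated second field: AND binds tighter than OR, so the clause
    # becomes (login_count = ? AND userid = 0) OR 1=1 and every row matches.
    print(lookup_vulnerable(db, "0", "0 OR 1=1"))
    # Hardened version refuses the same input before it reaches the database.
    try:
        lookup_hardened(db, "0", "0 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```

No quotation marks are needed in the numeric case because the concatenated value is not inside a string literal, which is why escaping quotes alone does not protect a numeric field.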