Is it my turn to ask now?
You sure you didn't test it..?
[ Edit: Missed third page; sure ask one now]
- Nathan

Just barging in with a question;
What is this?
Code:
%27+AND+1%3D1
What is it trying to exploit?
How might it be used?


Ok, I'm just guessing. But I think that it is
' AND 1=1
And it would be added to a URL of a GET form, or typed into a text box in a form that does something (Like a login page or a delete page). It is trying to do an SQL Injection. So if the programmer used code like
PHP Code:
$SQLStatement = 'SELECT * FROM Users '
. 'WHERE UserName=\'' . $_GET['UserName'] . '\' '
. 'AND Password=\'' . $_GET['Password'] . '\'';
mysql_query($SQLStatement);
And the user typed in Sojomy for the username, and ' AND 1=1 for the password, the actual SQL Query would look like this
SELECT * FROM Users WHERE UserName='Sojomy' AND Password='' AND 1=1
But I'm confused HarryF, shouldn't it be ' OR 1=1 so that it will find a user even if the Username and Password don't match, and still give you access? Or in a delete table, delete everything even if the query parameters don't match?
Also, this will only work if magic_quotes_gpc is turned off, and the programmer does not use AddSlashes() on his data before he puts it into the database. Was I close enough?
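Added example (not part of any post in this thread): the query from the answer above, run against a throwaway in-memory SQLite database through PDO, first concatenated and then with bound parameters. The table, columns and input come from the thread; the stored password, the SQLite backend and the PDO calls are assumptions chosen so the script runs on its own.

```php
<?php
// Added example. Table, column and user names follow the post above;
// the stored password and the in-memory SQLite database are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (UserName TEXT, Password TEXT)');
$db->exec("INSERT INTO Users VALUES ('Sojomy', 'constructed-secret')");

// What PHP places in $_GET after URL-decoding the string from the question.
$userName = 'Sojomy';
$password = urldecode('%27+AND+1%3D1');   // ' AND 1=1

// 1. Concatenation, as in the post: the quote inside the input closes the
//    string literal early, so the rest of the input is parsed as SQL.
$sql = "SELECT * FROM Users WHERE UserName='" . $userName . "' "
     . "AND Password='" . $password . "'";
echo "Concatenated query: $sql\n";
try {
    $rows = $db->query($sql)->fetchAll();
    echo "Rows: " . count($rows) . "\n";
} catch (PDOException $e) {
    // The closing quote added by the code is now unbalanced, so the parser
    // rejects the statement: proof that the input reached the SQL grammar.
    echo "Parser error: " . $e->getMessage() . "\n";
}

// 2. Prepared statement: the same input is bound as a value and is only
//    ever compared with the Password column, never parsed as SQL.
$stmt = $db->prepare('SELECT * FROM Users WHERE UserName = ? AND Password = ?');
$stmt->execute([$userName, $password]);
echo "Prepared statement rows: " . count($stmt->fetchAll()) . "\n";
```

magic_quotes_gpc and mysql_query() have since been removed from PHP (in 5.4 and 7.0), so bound parameters rather than input escaping are what keeps the value out of the SQL grammar.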
Pretty close, I think Harry was just trying to show how it could be done, and not an actual thing, but the 'OR 1=1 does make more sense.
Who walks the stairs without a care
It shoots so high in the sky.
Bounce up and down just like a clown.
Everyone knows its Slinky.

Whoops - yep 'OR 1=1' ( *cough* ) - anyway - spot on!
Back on track people! You've got to answer a question before you can ask one. The next question should be from cyborg
Sean
Harry Potter
-- You lived inside my world so softly
-- Protected only by the kindness of your nature

Sorry - couldn't help myself
Back on track people! You've got to answer a question before you can ask one. The next question should be from cyborg


Technically, I am the one who answered HarryF's question, Cyborg just validated it
But since I'm still new (I think) and Cyborg did answer the base64_decode question, I'll let him ask a question for me.
That's the question I'm on about. If he doesn't post one soon feel free
Sean
Go ahead, I am at a loss, been thinking for over 25 hours now... can't come up with anything.


Well I can't think of anything trivial, so I'll ask a question that I want to know the answer to, and I'm sure HarryF will jump right on it...but others feel free to if he doesn't.
What is the point of using OOP to create classes that you will never instantiate more than one instance of at a time? I understand it makes stuff "cleaner" (as everyone here seems to put it), but so does putting the relative functions in a file together. So why is OOP a better method?
In my opinion, in most cases, it isn't... Until PHP5 that is, which will bring more functionality in general to the entire OOP interface.
Let's have a question ...
Sean
Why don't you post one, sean? Otherwise everyone will just be looking to each other for the question.
It's hard to think up questions, but hopefully we're all learning something
Question:
Which PHP extension allows you to process credit cards without a third-party (such as Authorize.Net)?
Sean

That would be cURL with SSL support
Nasir
nasir.us
That's right in that it can be used for that, but there's a specific extension I'm looking for. You're welcome to post a question though
Sean

Ah, think I got it. But I'll give someone else a chance to guess first.
Will post my question in a few hours. Leaving for college right now
Nasir
nasir.us

Answer to sean's question is: CCVS & MCVE
Don't have anything useful to ask, how about what does LAMP stand for, in context of open-source development.
Nasir
nasir.us


Easy
Linux, Apache, MySQL & PHP
But I'm more of a WAMP kinda guy

same here
Nasir
nasir.us





I thought the P in LAMP was PHP/Python/Perl.
TuitionFree — a free library for the self-taught
Anode Says... — Blogging For Your Pleasure

Leave
All
Microsoft
Products
Question sojomy?
Sean