COMP 189 Lecture Notes - Lecture 17: Semicolon, SQL Injection
Document Summary
The web server serves up the Google page; you type a query, Google says it will look for it and fires it off to the database; the database comes up with results, and Google gets them and passes them back. Attack the database at the front page of the website. You can delete tables from Google's database of webpages.

Select url from pages where text like
Select * from users where name like '%;

If we don't know users, use a different command, etc. What can we put there to corrupt the system? Put -- (2 dashes) and SQL ignores everything else on that line, so you can make the table pages be dropped.

Select url from pages where text like "blah"; drop table pages; --

We need the -- after because we have the dangling quote and semicolon.

SQL sanitization: looks at the command and can see if it was 2 commands.
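Added example, not from the lecture: the query from the notes run three ways against an in-memory SQLite database, showing the vulnerable concatenation, a one-command check, and a parameterized query. Assumptions: the table contents and function names are constructed, the input uses a single quote because this template quotes with ', and sqlite3's rule that execute() accepts only one statement stands in for the "was it 2 commands" check.

```python
import sqlite3

# Input from the notes, with a single quote to match this template's quoting.
PAYLOAD = "blah'; drop table pages; --"

def make_db():
    """Constructed sample data standing in for the 'pages' table in the notes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (url TEXT, text TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [("http://a.example/", "blah blah"),
                    ("http://b.example/", "other words")])
    db.commit()
    return db

def table_exists(db, name):
    rows = db.execute("SELECT 1 FROM sqlite_master "
                      "WHERE type = 'table' AND name = ?", (name,)).fetchall()
    return len(rows) == 1

def build_query(term):
    """Unsafe template: user input is pasted between the quotes."""
    return "SELECT url FROM pages WHERE text LIKE '" + term + "';"

def search_unsafe(db, term):
    """Vulnerable: executescript() runs every statement in the string."""
    db.executescript(build_query(term))

def search_one_statement(db, term):
    """Same string, but execute() refuses text holding a second command."""
    try:
        return [row[0] for row in db.execute(build_query(term))]
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        return None  # rejected: more than one statement in the text

def search_safe(db, term):
    """Hardened: the ? placeholder passes input as data, never as SQL."""
    cur = db.execute("SELECT url FROM pages WHERE text LIKE ?", (term,))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    print(search_safe(db, "%blah%"), search_safe(db, PAYLOAD))
    print(search_one_statement(db, PAYLOAD), table_exists(db, "pages"))
    search_unsafe(db, PAYLOAD)
    print(table_exists(db, "pages"))
```

The one-command check stops this particular input, but the query text is still built from user input; only the placeholder version keeps the input out of the SQL entirely.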