Why is this SQL correct? (SQL injection)

What does it mean?

SELECT * from users where password = ''*'';

If I check this in MySQL Workbench, I get only one row, although I have many users in the table.

What exactly does it choose?

+4
3 answers

Interesting question. Let's see what ''*'' does.

mysql> select ''*'';
+-------+
| ''*'' |
+-------+
|     0 |
+-------+

Create multiple users:

mysql> select * from users;
+------+-------+
| id   | name  |
+------+-------+
|    1 | joe   |
|    2 | moe   |
|    3 | shmoe |
|    4 | 4four |
+------+-------+

And check our request:

mysql> select * from users where name = ''*'';
+------+-------+
| id   | name  |
+------+-------+
|    1 | joe   |
|    2 | moe   |
|    3 | shmoe |
+------+-------+

Interestingly, user 4 was not selected! But try this:

mysql> select * from users where name = 4;
+------+-------+
| id   | name  |
+------+-------+
|    4 | 4four |
+------+-------+

So what can we conclude from this?

  • ''*'' somehow means 0 (I'm not so fluent in MySQL string operations, so let's consider this a fact);
  • MySQL, -, . , varchar , int , ;
  • , password 0 .
+6
  • SQL. SELECT 5-4 AS one 1. , , .
  • MySQL - , . . '' * ''
  • MySQL . , 0 = 'name' .
+5

''*'' - : ( ) ( 0), 0. , ( ), .

This is a bit unclear, and you could ask yourself if it was intended in your case or random behavior, while the actual intention was to check '*'. A user with bad intentions could enter '*' as a password, hoping that you were not protected from SQL injection in order to log in without a valid password.

+4
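
An added example, not part of the original answers: it reproduces the string-to-number conversion discussed above on a constructed table and then runs the same input through a prepared statement. The table contents, the `password` values and the statement name `login` are assumptions made for illustration.

```sql
-- Constructed sample data (assumption); plaintext passwords mirror the
-- question's schema only.
CREATE TEMPORARY TABLE users (
  id       INT,
  name     VARCHAR(20),
  password VARCHAR(64)
);
INSERT INTO users VALUES
  (1, 'joe',   'hunter2'),
  (2, 'moe',   'letmein'),
  (3, 'shmoe', 'qwerty'),
  (4, '4four', '4321');

-- The * operator forces both empty strings into numeric context.
SELECT '' * '' AS product;

-- Show what each stored string becomes when MySQL must compare it to a number:
-- the leading numeric prefix if there is one, otherwise zero.
SELECT id,
       password,
       password + 0   AS as_number,
       (password = 0) AS matches_zero
FROM users;

-- The conversions above are silent in the result set; the evidence is here.
SHOW WARNINGS;

-- Query text that results when the input '*' (quotes included) is concatenated
-- into  password = '<input>' : the column is compared with a number.
SELECT id, name FROM users WHERE password = ''*'';

-- Same input bound as a parameter: it stays a three-character string and is
-- compared as a string, so no numeric conversion takes place.
PREPARE login FROM 'SELECT id, name FROM users WHERE password = ?';
SET @pw = '''*''';
EXECUTE login USING @pw;
DEALLOCATE PREPARE login;
```

The "Truncated incorrect DOUBLE value" warnings from `SHOW WARNINGS` are a practical signal in testing and review that a string column is being compared with a number.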

Source: https://habr.com/ru/post/1671733/

