The joys of SQL injection

Posted on Tuesday 7 June 2005

I’m looking for an apartment for July and a local newspaper site offers premier access to their classifieds before they’re published. For $24.95 a month. After I paid my subscription, I thought: “Hey, maybe these guys didn’t think about SQL injection.” So in the username field I typed “' OR 1=1 --” and bam! there’s the secure site. So much for my $24.95.

Guys, be careful about SQL injection. It takes two minutes to break into a site that pastes user input straight into its SQL: a single quote closes the string literal, OR 1=1 makes the WHERE clause true for every row, and -- comments out whatever was supposed to follow (the password check, in this case). Escaping single quotes is the bare minimum; passing user input as bound parameters (prepared statements) is the real fix. Don’t let it be yours.
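To make that concrete, here is an added example written for this post (not the newspaper site’s code, nor anything the original author published). It uses Python’s standard-library sqlite3 against an in-memory database; the table name, column names and the single sample subscriber are constructed for illustration, and the plaintext password column exists only to keep the login query short (a real system would store a password hash). The vulnerable function builds the query by string concatenation, exactly the pattern the payload above exploits; the safe function uses bound parameters, so the same payload is compared as a literal username and matches nothing.

```python
import sqlite3

# Constructed sample data for the demo: one paying subscriber.
SAMPLE_USERS = [
    ("alice", "s3cret"),
]

# The payload from the post. Note the two ASCII hyphens: a smart-quote
# conversion to an en dash would turn the SQL comment into a syntax error.
PAYLOAD_USERNAME = "' OR 1=1 --"


def make_db():
    """Create an in-memory subscribers table with the constructed sample row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subscribers (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO subscribers VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def render_vulnerable_sql(username, password):
    """The query text a concatenating login routine ends up sending to the
    database. Shown separately so the injected comment is visible."""
    return (
        "SELECT username FROM subscribers WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )


def login_vulnerable(conn, username, password):
    """Login built by string concatenation (the pattern the post describes).
    With username "' OR 1=1 --" the WHERE clause becomes
        username = '' OR 1=1 --' AND password = '...'
    The -- turns the password check into a comment, and OR 1=1 matches
    every row, so any subscriber's row comes back and the login succeeds."""
    row = conn.execute(render_vulnerable_sql(username, password)).fetchone()
    return row is not None


def login_safe(conn, username, password):
    """Same query with bound parameters. The driver sends the values
    separately from the SQL text, so a quote or -- inside the username is
    just data and can never change the query's structure."""
    row = conn.execute(
        "SELECT username FROM subscribers WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    print("Query actually executed by the vulnerable login:")
    print("  " + render_vulnerable_sql(PAYLOAD_USERNAME, "anything"))
    print("vulnerable login with payload:", login_vulnerable(db, PAYLOAD_USERNAME, "anything"))
    print("parameterized login with payload:", login_safe(db, PAYLOAD_USERNAME, "anything"))
    print("parameterized login with real credentials:", login_safe(db, "alice", "s3cret"))
```

Running it prints the concatenated query so you can see the password clause sitting behind the comment marker, then shows the vulnerable routine accepting the payload and the parameterized routine rejecting it while still accepting the real credentials. Quote-escaping would defeat this particular payload, but it has to be applied correctly at every call site and does nothing for inputs used in numeric or identifier positions, which is why bound parameters are the fix to reach for.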
