SQL injection för MySQL
”The Hacker Webzine” har en bra ”cheat sheet” om du vill testa din mysql applikation… http://www.0×000000.com/?i=14
T.ex.
Basics
SELECT * FROM login /* foobar */
SELECT * FROM login WHERE id = 1 or 1=1
SELECT * FROM login WHERE id = 1 or 1=1 AND user LIKE ”%root%”
Use inside login form:
1′ OR 1=1–
1′ OR ’1′ = ’1
Themocracy