Recently I came across a SQL Injection Cheat Sheet which contains this particular cheat sheet which I am confuse of ' or 1=1/*
Assuming I am testing it on this server-side code below.
SELECT * FROM users WHERE login='$login' AND password='$password';
Well I can't seem to bypass it with that cheat sheet. I am just curious why do they include it as a cheat sheet instead? How is that particular cheat sheet used?
What I am guessing and using my logic is there is only possibility of this cheat sheet usage is where the programmer mistakenly placed the ending comment tag */ behind the SQL query as shown in the server-side code below.
SELECT * FROM users WHERE login='$login' AND password='$password' */;
Feel free to explain the usage and also possibly verify my own understanding of this particular cheat sheet's usage instead.
Aucun commentaire:
Enregistrer un commentaire