Skip to content

Support for escaped column name(s) SQL injection #120

New issue
New issue
Closed
Closed
Support for escaped column name(s) SQL injection#120
Assignees
stamparm
Labels
detectionenhancementnormal
Milestone
1.1
@stamparm

Description

@stamparm
stamparm
opened on Jul 25, 2012

Example:

$query = "SELECT `" . $_GET['id'] . "` FROM table"

Sample exploitation examples:

?id=id`=`id` AND 2>1 AND `id`=`id

Metadata

Metadata

Assignees

Labels

detectionenhancementnormal

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions