Tuesday 13 August 2019

OWASP


If your application is vulnerable to SQL injection, an attacker can run arbitrary SQL statements against your database.

Let's say the username is user@email.com and the password is password (which is wrong).

Now suppose the attacker enters something like password' as the password (with a trailing ' character).

When the query is a plain SQL statement built by string interpolation, the database throws an error like the one below:

  • An error occurred: PG::SyntaxError: ERROR: unterminated quoted string at or near "'password'' limit 1" LINE 1: ...ers where email = 'user@email.com' and password = 'password'... ^ : select * from users where email = 'user@email.com' and password = 'password'' limit 1.
  • Unable to login this user due to unexpected error.
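To see where the stray quote in that error comes from, and how a parameterised query removes the problem, here is an added Ruby example (not part of the original post). The table and column names follow the post's query; `PG::Connection#exec_params` is the pg gem's real bind-parameter call, but this snippet contacts no database and only builds the statements. It keeps the post's plaintext password comparison purely to mirror the query shape.

```ruby
# Added example (not from the original post): how the broken query shown on
# the page arises from string interpolation, and the parameterised form that
# avoids it. No database connection is made; the functions only build SQL.

# Vulnerable: user input is spliced directly into the SQL text.
# A password of  password'  yields  ...password = 'password'' limit 1
# which is exactly the statement PostgreSQL rejected in the post.
def build_query_unsafe(email, password)
  "select * from users where email = '#{email}' and password = '#{password}' limit 1"
end

# Hardened: the SQL text is a fixed template with $1/$2 placeholders and the
# user-supplied values travel separately as bind parameters. The server never
# parses them as SQL, so a stray quote stays a literal character in the value.
SAFE_TEMPLATE = "select * from users where email = $1 and password = $2 limit 1".freeze

def build_query_safe(email, password)
  [SAFE_TEMPLATE, [email, password]]
end

# The symptom the post shows: an odd number of single quotes means one string
# literal was never closed (an escaped quote inside a literal is written as ''
# and therefore always adds two). Valid for PostgreSQL's default
# standard_conforming_strings behaviour, where backslashes do not escape quotes.
def unterminated_string?(sql)
  sql.count("'").odd?
end

if __FILE__ == $0
  email = "user@email.com"
  password = "password'"   # the login attempt described in the post

  unsafe_sql = build_query_unsafe(email, password)
  puts unsafe_sql
  puts "unterminated quoted string: #{unterminated_string?(unsafe_sql)}"

  sql, params = build_query_safe(email, password)
  puts "#{sql}  -- params: #{params.inspect}"
  # With the pg gem the safe form is sent as:
  #   conn.exec_params(sql, params)
end
```

The point of the second form is that the statement text is identical for every login attempt; only the parameter array changes, so the attacker's input can never alter the query's structure, whatever characters it contains.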