changed 4 years ago

Podatkovne baze 1 - vaje 14.12.2020

SQL injection

SELECT * FROM uporabnik
WHERE username = '{0}' AND password = '{1}';

Zlonamerni uporabnik vnese:

  • uporabniško ime: ' OR username = 'admin'; --
  • geslo: HAHA
SELECT * FROM uporabnik
WHERE username = '' OR username = 'admin'; --' AND password = 'HAHA';
Select a repo