
When trying to access a login, an attacker might write the following statement in the username box:

user' OR '1'= '1

Why is that extra quote needed for user' ? Doesn't it show up in the hidden SQL syntax as 'admin'' with double quotes instead, rendering it invalid? The same question goes for the second 1 in the statement with only a front quote but not a back quote. If I add the back quote, it shows up with double quotes as ('1'') in the SQL.

I tried using a different combination of syntax, but this SQL code was the only option that worked. I've also tried using different characters to see whether the fact that 1 is an integer makes a difference, and it doesn't.

Bill Hileman
Turing'-'
  • It is assumed that the input gets a leading and trailing quote added to it by the running program i.e. it becomes `'user' OR '1'= '1'` which is valid syntax (but bad as input) – Paul Maxwell Aug 30 '23 at 00:14
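The quote balancing discussed above, as an added example that is not part of the original question or comment: it shows the final query text when a program wraps the input in its own quotes, next to a parameterized lookup that treats the same input as plain data. The `users` table, its `name` column, the function names and the use of SQLite are assumptions made for illustration.

```python
import sqlite3

def build_query(username):
    # Vulnerable pattern (assumed): the program supplies the opening and
    # closing quotes itself and pastes the raw input between them.
    return "SELECT name FROM users WHERE name = '" + username + "'"

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("admin",), ("alice",)])
    return db

def lookup_concatenated(db, username):
    # Returns the matching names, or the parser's message if the SQL is invalid.
    try:
        return sorted(row[0] for row in db.execute(build_query(username)))
    except sqlite3.OperationalError as exc:
        return "syntax error: " + str(exc)

def lookup_parameterized(db, username):
    # Hardened form: the value is bound to a placeholder and never parsed as
    # SQL, so quotes inside it are ordinary characters of the name.
    rows = db.execute("SELECT name FROM users WHERE name = ?", (username,))
    return sorted(row[0] for row in rows)

if __name__ == "__main__":
    db = make_db()
    samples = [
        "alice",               # ordinary input
        "user' OR '1'= '1",    # the input from the question
        "user' OR '1'= '1'",   # same input with the extra back quote added
    ]
    for value in samples:
        print(repr(value))
        print("  query:        ", build_query(value))
        print("  concatenated: ", lookup_concatenated(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
```

With the back quote added, the program's own closing quote leaves the last string literal unterminated, which is why that variant is rejected by the SQL parser.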
