...
If validuser is actually a valid user name, this SELECT statement will select the validuser record in the table. The hashed password is never checked because username='validuser' is true and the injected OR makes everything after the OR irrelevant, provided it is syntactically correct. Consequently, the attacker is granted the access of validuser.
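The behaviour described above, reproduced against an in-memory SQLite table as an added example (not code from the original page), comparing string concatenation with a bound-parameter query. The table name db_user, the stored account, the injected string and both login functions are assumptions constructed for illustration.

```python
import hashlib
import sqlite3

def make_db():
    """Build an in-memory table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE db_user (username TEXT, password TEXT)")
    db.execute("INSERT INTO db_user VALUES (?, ?)",
               ("validuser", hash_pw("correct horse")))
    return db

def hash_pw(password):
    # Unsalted SHA-256 keeps the sketch short; real systems use a password KDF.
    return hashlib.sha256(password.encode()).hexdigest()

def login_concatenated(db, username, password):
    """Vulnerable form: the user name becomes part of the SQL text."""
    sql = ("SELECT username FROM db_user WHERE username='" + username +
           "' AND password='" + hash_pw(password) + "'")
    # With the constructed input the WHERE clause reads
    #   username='validuser' OR '1'='1' AND password='<hash>'
    # AND binds tighter than OR, so the left operand alone decides the row.
    return [row[0] for row in db.execute(sql)]

def login_parameterized(db, username, password):
    """Hardened form: values are bound, so the quote and OR stay data."""
    sql = "SELECT username FROM db_user WHERE username=? AND password=?"
    return [row[0] for row in db.execute(sql, (username, hash_pw(password)))]

# Constructed input matching the paragraph: a closing quote, then an OR.
INJECTED = "validuser' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__, fn(db, INJECTED, "wrong password"))
```
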
...
...