

However, all these examples use literals (constants). If we had a tool that was smart enough to calculate every expression the database can perform, it would be able to determine that these expressions are always true. This means that in theory, it could be possible to detect that the above examples are SQL injections. But that just means we need to take another tiny step forward. The expressions below use column values and, therefore, no tool can calculate the expressions to determine they are always true.

It is impossible to distinguish these expressions from proper application logic. While these expressions will probably always be true, it's impossible to determine that without understanding the data in each column. There will be additional discussion on this subject in the section on static analysis.

Non-Trivial Input

All the examples so far entered data into fields in the form. This is the most trivial way to interact with the application, but far from being the only one. The above HTML form will usually send the query to the application web server using a GET or POST request method. A GET request might look like:

…/cards?id=0&first=JOHN&last=DOE&ssn=5555

You've probably seen strings like that in the URL of your web browser. The same GET request can also be sent using AJAX in a way that is not visible in the URL but can be seen just as easily in the developer console (try hitting F12 in your web browser).
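As an added illustration of the literal-versus-column argument above (example code written for this page, not from the original article): a small Python classifier that constant-folds comparisons built only from literals, and refuses to decide anything that references a column. The mini-grammar, operator table and sample WHERE clauses are constructed for the example and cover only single comparisons joined by OR.

```python
import re

# Tokens of a simple comparison (constructed mini-grammar): integer literal,
# single-quoted string literal, bare column name, comparison operator.
_TOKEN = re.compile(r"(-?\d+)|'([^']*)'|([A-Za-z_]\w*)|(<=|>=|<>|!=|=|<|>)")
_OPS = {"=": lambda a, b: a == b, "<>": lambda a, b: a != b,
        "!=": lambda a, b: a != b, "<": lambda a, b: a < b,
        ">": lambda a, b: a > b, "<=": lambda a, b: a <= b,
        ">=": lambda a, b: a >= b}


def tokenize(expr):
    """Return (kind, value) tokens, or None if expr contains anything else."""
    if _TOKEN.sub("", expr).strip():
        return None  # e.g. a comment marker or semicolon we do not model
    tokens = []
    for num, text, col, op in _TOKEN.findall(expr):
        if num:
            tokens.append(("lit", int(num)))
        elif col:
            tokens.append(("col", col))
        elif op:
            tokens.append(("op", op))
        else:
            tokens.append(("lit", text))  # string literal, may be empty
    return tokens


def classify(expr):
    """A literal-only comparison folds to 'always-true' or 'always-false';
    anything touching a column is 'undecidable' without the data."""
    tokens = tokenize(expr)
    if tokens is None or len(tokens) != 3 or tokens[1][0] != "op":
        return "undecidable"
    (lk, lv), (_, op), (rk, rv) = tokens
    if lk == "col" or rk == "col":
        # Truth depends on stored values, types and NULLs, which a static
        # evaluator cannot see: even "id = id" is unknown for a NULL row.
        return "undecidable"
    if type(lv) is not type(rv):
        return "undecidable"  # cross-type coercion rules are DB-specific
    return "always-true" if _OPS[op](lv, rv) else "always-false"


def has_literal_tautology(where_clause):
    """True when some OR-branch of a WHERE clause is a literal tautology."""
    branches = re.split(r"\s+OR\s+", where_clause, flags=re.IGNORECASE)
    return any(classify(b) == "always-true" for b in branches)
```

A clause such as `first = 'JOHN' OR ssn = ssn` is not flagged, which is exactly the gap the text describes: the column comparison is probably always true, but no static evaluator can prove it.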
