|
Yup. I ignore the CCC myself but many others appear to enjoy it. I don't think it counts as a programming question.
I just realized your question might be a quiz type question. In which case the answer might be \0D --.
- I would love to change the world, but they won’t give me the source code.
|
|
|
|
|
� Forogar � wrote: In which case the answer might be \0D --.
SELECT * FROM test WHERE id=100
still works.
|
|
|
|
|
I did say "might be".
- I would love to change the world, but they won’t give me the source code.
|
|
|
|
|
|
|
By "query fails" do you mean that the query returns 0 results?
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
|
|
|
|
It breaks - gives unintended result. Throws an error or 0 results.
For now, assume this query returns data.
|
|
|
|
|
Sandeep Mewara wrote: ...or 0 results. From the limited information provided, if the query is returning 0 results, I'd assume there are no rows in 'test' whose 'id' column has a value of 100.
Sandeep Mewara wrote: For now, assume this query returns data. Are you not wanting it to? Your initial post asks what would cause the query to fail. So either the query is failing and you don't want it to, or it is succeeding and you want to find a way to make it fail. Color me confused.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
|
|
|
|
Intent here is to do sql injection and see how to misuse it.
|
|
|
|
|
Sandeep Mewara wrote: 0 results.
I don't think it's mere semantics but, in my opinion at least, returning 0 results is not throwing an error - the query ran and sent back an empty results set.
This might be a way to trigger a great debate thread.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
mmmm.... Is that not open to sql injection?
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Yes - intent here is to do sql inject and see how to misuse it.
|
|
|
|
|
Sandeep Mewara wrote: PS: You cannot put * in the value anywhere. Given that you did not put any restrictions on programming language or database software... what comes to my mind is bypassing that rule with a SQL trigraph[^]
Trigraphs | Microsoft Docs[^]
|
|
|
|
|
-1; DELETE FROM test WHERE ID <>
your question was poorly phrased I'd say... but I suggest the value above so that final query is
SELECT * FROM test WHERE id= -1; DELETE FROM test WHERE ID <> 100
|
|
|
|
|
Super Lloyd wrote: your question was poorly phrased I'd say... but I suggest the value above so that final query is
Apologies if that was confusing or I was not able to convey it correctly.
There is a query where something is mentioned in multiline quotes. Text in multiline quote is user driven. Can we put anything in that so that we misuse the queyr?
SELECT * FROM test WHERE id= 100
|
|
|
|
|
Trick question? There is no input value considered:
SELECT * FROM test WHERE id= 100
It's all an in-line comment. If the test table has no id column you'd get an error though. Or am I misunderstanding something?
|
|
|
|
|
Neh. Just trying to see how to misuse above sceanrio via SQL injection. Currently it is valid sql query that returns data.
|
|
|
|
|
SELECT * FROM test WHERE id= 100
No star needed, just /
Espen Harlinn
Senior Architect - Ulriken Consulting AS
The competent programmer is fully aware of the strictly limited size of his own skull; therefore he approaches the programming task in full humility, and among other things he avoids clever tricks like the plague.Edsger W.Dijkstra
|
|
|
|
|
Just tested this with MySQL and it works fine. What db does this fail with for you?
|
|
|
|
|
SQL Server:
Msg 113, Level 15, State 1, Line 1
Missing end comment mark '/'.
Msg 113, Level 15, State 1, Line 1
Missing end comment mark '/'.
Msg 102, Level 15, State 1, Line 1
Incorrect syntax near '='.
Espen Harlinn
Senior Architect - Ulriken Consulting AS
The competent programmer is fully aware of the strictly limited size of his own skull; therefore he approaches the programming task in full humility, and among other things he avoids clever tricks like the plague.Edsger W.Dijkstra
modified 12-Mar-21 3:52am.
|
|
|
|
|
|
Even if this works, INPUT cannot have * in it.
|
|
|
|
|
Quote: Even if this works, INPUT cannot have * in it.
It doesn't - I just replaced " INPUT " with "/"
Espen Harlinn
Senior Architect - Ulriken Consulting AS
The competent programmer is fully aware of the strictly limited size of his own skull; therefore he approaches the programming task in full humility, and among other things he avoids clever tricks like the plague.Edsger W.Dijkstra
|
|
|
|
|
The used * are yours, not his
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Did you try:
1. HTML entities, like *
2. ASCII/Unicode in hex/octal \x2a \u002a \052
Some of those might sneak through.
Just a thought from someone who knows nothing of your environment.
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
|
|
|