sql - Why does SELECT 'a'='b'='c' return 1 in MYSQL? -


i doing homework security class involving sql injections. found shorter sql injection typical ' or '1'=1 example. instead '='. typing in password field of typical login boxes gives sql query this:

select * users username='user' , password=''='';

it turns out password=''='' evaluates 1, allowing sql injection work.

after doing more testing, saw if test if string equal 0, returns 1:

select 0='a';

so in example, password='' evaluate 0 , 0='' end evaluating 1.

my testing showed me how happening, want know why happens (i.e why 0='a' true?.

as documented under type conversion in expression evaluation, comparisons between string , integer performed numerically:

  • in other cases, arguments compared floating-point (real) numbers.

therefore, operands converted floating-point numbers , compared.

conversion of string float consider every numeric character (and first period or exponentiation character) encountered first non-numeric character. therefore 'hello' or 'a' truncated '' (and thereby cast zero) whereas '123.45e6foo789' truncate '123.45e6' (and thereby cast 123,450,000).

thus 1 can see how 0='a' true: compared 0=0.

that password=''='' true (provided that password non-empty string, or non-zero numeric) comes because first comparison results in 0 (false), forces second comparison performed numerically (thus converting '' 0 comparison 0 result of first comparison).


Comments

Post a Comment

Popular posts from this blog

php - Add the correct number of days for each month -

using following function can display years , months between 2 dates, how can add correct days each month array within each month? can't add days manually need account leap years etc. function yearmonth($start_date, $end_date) { $begin = new datetime( $start_date ); $end = new datetime( $end_date); $interval = new dateinterval('p1m'); // 1 month interval $period = new dateperiod($begin, $interval, $end); foreach ( $period $dt ) $years[$dt->format( "y" )][] = $dt->format( "f" ); return $years; } $list = yearmonth("2007-03-24", "2009-06-26"); var_dump($list); since nobody else answered: function yearmonth($start_date, $end_date) { $begin = new datetime( $start_date ); $end = new datetime( $end_date); $interval = new dateinterval('p1d'); // 1 month interval $period = new dateperiod($begin, $interval, $end); $lastmonth = null; $lastyear = null; $aresult = array(); forea...
Read more

java.util.scanner - How to read and add only numbers to array from a text file -

i'm learning java , have question regarding reading file want read numbers file contains strings well. here example of file: 66.56 "3 java 3-43 5-42 2.1 1 and here coding: public class test { public static void main (string [] args){ if (0 < args.length) { file x = new file(args[0]); try{ scanner in = new scanner( new fileinputstream(x)); arraylist<double> test = new arraylist<>(); while(in.hasnext()){ if(in.hasnextdouble()){ double f=in.nextdouble(); test.add(f);} else {in.next();} } catch(ioexception e) { system.err.println("exception during reading: " + e); } } my problem add 66.56,2.1 , 1 doesn't add 3 after "3 or ignores 3-43 , 5-42 can tell me how skip strings , add doubles here? thanks all said 3 ie; "3, 3-43 , 4-42 strings either u read string , split , check number @ " , - or put in space between characters , integers. jvm after compilation tre...
Read more