SQL Injection

How will you test the Log-in fields for SQL injection?
What will you put in user / password for testing on security level?

Questions by sunejauk05

The test data inputs are:
1) ' (single quote)
2) '1'='1
3) We can pass the same inputs as a query in the form of SELECT * FROM users WHERE name = '' OR '1'='1';
 (if the text field accepts that many characters)
4) statement = "SELECT * FROM users WHERE name = '" + userName + "';"

Before trying to pass those inputs, as a security tester try to catch the table name and attributes (fields); if so, you can play with refined data attributes and find out more security issues by SQL injection.

First try to catch them in the order: Database Name -> Table Name -> Attributes -> Data Types

  Was this answer useful?  Yes
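
The inputs listed in the answer above, run against the concatenated statement from item 4 and against a parameterized query, as an added example that is not part of the original answer. The in-memory users table, its rows and the function names are constructed for illustration.

```python
import sqlite3

# Test inputs taken from the answer above, plus one ordinary value as a control.
TEST_INPUTS = ["alice", "'", "'1'='1", "' OR '1'='1"]

def make_db():
    """In-memory database with a constructed two-row users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def lookup_concat(db, user_name):
    """The pattern from item 4: the input is spliced into the SQL text."""
    statement = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return db.execute(statement).fetchall()

def lookup_param(db, user_name):
    """Hardened form: the input is bound as data and never parsed as SQL."""
    return db.execute("SELECT * FROM users WHERE name = ?",
                      (user_name,)).fetchall()

def classify(lookup, db, value):
    """Return 'error' or 'rows=N' so the two handlers can be compared."""
    try:
        return "rows=%d" % len(lookup(db, value))
    except sqlite3.Error:
        return "error"  # the input changed the statement's syntax

def run_matrix():
    """Map each test input to (concatenated result, parameterized result)."""
    db = make_db()
    return {v: (classify(lookup_concat, db, v), classify(lookup_param, db, v))
            for v in TEST_INPUTS}

if __name__ == "__main__":
    for value, (concat, param) in run_matrix().items():
        print("%-14r concat=%-7s param=%s" % (value, concat, param))
```

A database error or a row count that differs from the control value is the signal that the field reaches the query unescaped; the parameterized handler returns zero rows for every non-matching input.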
