I set up an example server to learn more about SQL injections. I've found instructions at http://sechow.com/bricks/docs/content-page-3.html which contain the following example:
POST Data: username=tom' order by 1 -- +&submit=Submit
SQL Query: SELECT * FROM users WHERE name='harry' ORDER BY 1 -- +'
The page displays the content without any issues and there are no error messages.
What is the function of ' -- + ' at the end of the query?
Thank you in advance!
It comments out the rest of the code. The injected part is the ORDER BY 1
Imagine your code is
WHERE login = 'tom' and password 'i dont know'
That will be changed to
WHERE login = 'harry' ORDER BY 1 -- +and password 'i dont know'
EDIT
I just read the example. The + ' is to close the string. See how after the 2 the result has a '?
POST Data: username=tom' and 1='2&submit=Submit
SQL Query: SELECT * FROM users WHERE name='harry' AND 1='2'
Your other version will be
POST Data: username=tom' order by 1 -- +&submit=Submit
SQL Query: SELECT * FROM users WHERE name='harry' ORDER BY 1 -- +'
SELECT * FROM users
WHERE name='harry'
ORDER BY 1 -- + ''
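
The behaviour discussed in this thread, as an added example that is not part of the original question or answer and is not code from the Bricks docs: the quoted username value is run through a string-concatenated query and through a parameterized one. Assumptions: an in-memory SQLite database stands in for the page's server, and the `users` table, its columns and its rows are constructed sample data.

```python
import sqlite3

# Username value taken from the POST data quoted on this page.
PAYLOAD = "tom' order by 1 -- +"

def make_db():
    # Constructed sample data; SQLite stands in for the page's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "tom"), (2, "harry")])
    return db

def build_concatenated(username):
    # Vulnerable pattern: the input is pasted between the two quotes.
    return "SELECT * FROM users WHERE name='" + username + "'"

def run_concatenated(db, username):
    # Returns the final SQL text and either the rows or the parser error.
    sql = build_concatenated(username)
    try:
        return sql, db.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        return sql, "error: %s" % exc

def run_parameterized(db, username):
    # Hardened pattern: the driver binds the value; it is never parsed as SQL.
    return db.execute("SELECT * FROM users WHERE name=?",
                      (username,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # With the trailing comment the leftover quote is ignored; without it,
    # the leftover quote is a syntax error.
    for value in (PAYLOAD, "tom' order by 1"):
        sql, result = run_concatenated(db, value)
        print(sql, "=>", result)
    # Bound as data, the whole value is compared to the name column.
    print("parameterized =>", run_parameterized(db, PAYLOAD))
```

With the bound parameter the entire value, quote and comment marker included, is compared against `name` as a literal string, so no row matches.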