I have made a website that is vulnerable against SQLi.
But when I run a GET request with the SQLi '-- I get the wrong query output. Can someone help me with this?
This is my SQLi
This is how SQL runs the query.
The SQL query is supposed to be different. It should have been: SELECT * FROM product WHERE id LIKE '%' which should output all the data from the product table.
Code snippet
This is correct and it's doing exactly what you told it to, given the input.
The GET request value is '-- and that is substituted for the variable $test in your SQL query string. But it doesn't remove what comes after the $test variable in the SQL query string.
Let me use some color-coding to show you:
SELECT * FROM product WHERE id LIKE '%$test%'
SELECT * FROM product WHERE id LIKE '%'--%'
The characters -- form the start of an SQL comment, so anything after that is ignored after your SQL injection happens. The only functional part of the query is:
SELECT * FROM product WHERE id LIKE '%'
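The substitution described in the answer, next to a parameterized form of the same search, as an added example that is not code from the question or the answer. It assumes Python with an in-memory SQLite database instead of the asker's own stack; the product rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the question's product table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (id TEXT, name TEXT)")
    db.executemany("INSERT INTO product VALUES (?, ?)",
                   [("1", "apple"), ("2", "pear"), ("3", "plum")])
    return db

def build_concatenated(test):
    # Same shape as the query in the answer: the input is pasted between '% and %'.
    return "SELECT * FROM product WHERE id LIKE '%" + test + "%'"

def search_concatenated(db, test):
    # Vulnerable form: the input becomes part of the SQL text itself.
    return db.execute(build_concatenated(test)).fetchall()

def search_parameterized(db, test):
    # Hardened form: the wildcards are added to the bound value,
    # so the input is only ever compared as data.
    return db.execute("SELECT * FROM product WHERE id LIKE ?",
                      ("%" + test + "%",)).fetchall()

if __name__ == "__main__":
    db = make_db()
    value = "'--"
    # Shows the final query text, with the trailing %' left after the comment marker.
    print(build_concatenated(value))
    # Every row comes back: only LIKE '%' is evaluated.
    print(search_concatenated(db, value))
    # No rows: no id contains the literal characters '--
    print(search_parameterized(db, value))
```

With the bound parameter, the quote and the comment marker never reach the SQL parser as syntax, so the query keeps the shape the developer wrote.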