Found OR 1 1 sql injection in my newsletter database

Question

I found the following in the  e-mail  field of my newsletter subscriber database    OR 1 1    I know it s a SQL injection  but that s it  I ve googled it a little bit  but I m still on clear on what exactly it s trying to achieve  This occurred early Nov  and to my knowledge we had no outages around that time  Can any of you kind souls tell me what this guy was probably trying and do  Is there any way to know whether he achieved what he was trying to do   I know virtually nothing about this and I m worried

User · Accepted Answer

OR 1 1 is an attempt to make a query succeed no matter what The    is an attempt to start a multiline comment so the rest of the query is ignored   An example would be   SELECT userid  FROM users  WHERE username     OR 1 1         AND password          AND domain        As you can see if you were to populate the username field without escaping the   no matter what credentials the user passes in the query would return all userids in the system likely granting access to the attacker  possibly admin access if admin is your first user   You will also notice the remainder of the query would be commented out because of the    including the real     The fact that you can see the value in your database means that it was escaped and that particular attack did not succeed  However  you should investigate if any other attempts were made

User · Answer

It probably aimed to select all the informations in your table  If you use this kind of query  for example in PHP     mysql query  SELECT   FROM newsletter WHERE email     email       The email   OR 1 1   will give this kind of query    mysql query  SELECT   FROM newsletter WHERE email      OR 1 1        So it selects all the rows  because 1 1 is always true and the rest of the query is  commented    But it was not successful   if strings used in your queries are escaped if you don t display all the queries results on a page

User · Answer

The specific value in your database isn t what you should be focusing on   This is likely the result of an attacker fuzzing your system to see if it is vulnerable to a set of standard attacks  instead of a targeted attack exploiting a known vulnerability   You should instead focus on ensuring that your application is secure against these types of attacks  OWASP is a good resource for this   If you re using parameterized queries to access the database  then you re secure against Sql injection  unless you re using dynamic Sql in the backend as well   If you re not doing this  you re vulnerable and you should resolve this immediately   Also  you should consider performing some sort of validation of e-mail addresses

User · Answer

Its better if you use validation code to the users input for making it restricted to use symbols and part of code in your input form   If you embeed php in html code your php code have to become on the top to make sure that it is not ignored as comment if a hacker edit the page and add    in your html code

[mysql] Found 'OR 1=1/* sql injection in my newsletter database

Examples related to mysql

Examples related to security

Examples related to sql-injection