Shortest SQL Injection Attack syntax
Overview
=======
In many cases, the user’s input is limited to a specific
length.
Although the user’s input length is limited, many times the
server is vulnerable to SQL Injection attack’s.
In this post, we’ll discuss two scenarios and how SQL injections
attacks are being exploited using shortest SQL injection attack
syntax.
Get Database Name through 2-fields attack
==============================
In this scenario, the attacker attacks a web application which
receives First-Name and Last-Name, and outputs its matched e-mail
address. (see appendix A)
The original SQL query sent to the database is:
select EmailAddress from Person.Contact where FirstName = ‘@fn’ and LastName = ‘@ln’; –where @fn and @ln are the user’s input.
In order to get the database name, the attacker can …
[Read more]