Talk:OWASP Testing Guide v2 Table of Contents

Revision as of 15:09, 11 January 2007 by Woodmi (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

I believe that publishing this SQL injection as a test method is extremely dangerous. While professional testers know not to drop tables from databases, inexperienced testers or malicious users could attempt this on sites with potentially disastrous effects.

SELECT id FROM users WHERE name='' AND pass=''; DROP TABLE users;

I would recommend using a more benign SQL injection example, such as:

SELECT id FROM users WHERE name=''or+1=1--' AND pass='';