Saturday, August 31, 2019

SQL injection vulnerability to add more balance?

Let's say I have this SQL statement:



stmt.executeUpdate("INSERT INTO TUNEUSER (USERNAME,PASSWORD,BALANCE) VALUES ('"
        + daf.getString("username")
        + "','"

        + daf.getString("password")
        + "',0.00)");


and the application has a username and password field.



How can SQL injection be used to increased the balance from "0.00" to whatever you want?

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

hard drive - Leaving bad sectors in unformatted partition?

Laptop was acting really weird, and copy and seek times were really slow, so I decided to scan the hard drive surface. I have a couple hundr...