Saturday, August 31, 2019

SQL injection vulnerability to add more balance?

Let's say I have this SQL statement:



stmt.executeUpdate("INSERT INTO TUNEUSER (USERNAME,PASSWORD,BALANCE) VALUES ('"
    + daf.getString("username")
    + "','"
    + daf.getString("password")
    + "',0.00)");


and the application has a username and password field.



How can SQL injection be used to increase the balance from "0.00" to whatever you want?
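
The statement in the question rewritten with bound parameters, as an added example that is not part of the original post: the SQL text becomes a constant and the starting balance is set by the server, so the username and password fields can only ever supply column values. The class and method names (`TuneUserDao`, `insertUser`, `balanceOf`) and the JDBC URL passed as `args[0]` are assumptions, as is a database that already contains the `TUNEUSER` table.

```java
import java.math.BigDecimal;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class TuneUserDao {  // hypothetical class name
    // The SQL text is a constant: user input never becomes part of it.
    private static final String INSERT_USER =
        "INSERT INTO TUNEUSER (USERNAME, PASSWORD, BALANCE) VALUES (?, ?, ?)";
    // The starting balance is chosen by the server, never taken from the request.
    private static final BigDecimal INITIAL_BALANCE = new BigDecimal("0.00");

    /** Inserts one user; username and password travel as bound values. */
    public static int insertUser(Connection conn, String username, String password)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(INSERT_USER)) {
            ps.setString(1, username);
            ps.setString(2, password);  // stored as supplied, as in the question's statement
            ps.setBigDecimal(3, INITIAL_BALANCE);
            return ps.executeUpdate();
        }
    }

    /** Reads the stored balance back, again through a bound parameter. */
    public static BigDecimal balanceOf(Connection conn, String username)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(
                "SELECT BALANCE FROM TUNEUSER WHERE USERNAME = ?")) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getBigDecimal(1) : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL and its driver is on the classpath.
        try (Connection conn = DriverManager.getConnection(args[0])) {
            // Constructed input: the quote and comma are stored as plain text.
            String name = "O'Brien, Pat";
            insertUser(conn, name, "example-password");
            System.out.println(name + " -> " + balanceOf(conn, name));
        }
    }
}
```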
