Subscribe to the newsletter and get local news sent directly to your inbox.
(It’s free)
: This is the SQL comment symbol. It tells the database to ignore everything else in the original code, effectively "turning off" the security checks or logic that were supposed to happen next. The Goal: Data Exfiltration
Here is a look into what that string is designed to do and why it’s a fundamental concept in web security. What is this string? : This is the SQL comment symbol
The text ') UNION ALL SELECT NULL,NULL...-- is a malicious payload used to test for vulnerabilities in a database. What is this string
: Attackers use NULL to figure out exactly how many columns the original database table has. If the number of NULL s matches the columns, the page loads; if not, it crashes. If the number of NULL s matches the
If a website is vulnerable to this, an attacker doesn't just stop at NULL . They eventually replace those NULL s with commands to extract sensitive info—like your —and display them right on the screen where the "Keyword" results should have been. How Developers Stop This
: This attempts to "break out" of the developer’s intended code by closing a data field and a function.
Get our newsletter delivered to your inbox three times a week.
It’s FREE and you can cancel anytime.
(It’s free)