Alternate version:
this post was submitted on 05 Feb 2025
249 points (98.1% liked)
Programmer Humor
20351 readers
1888 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Bypassing authentication or checks by incorporating a statement that always returns true, and doing an 'or' operation with the statement being injected. It manipulates the return value of the SQL statement to make it always return true, so if the website is checking if the statement returned true to indicate, for example, the password is correct, it will now think that was the case.
I remember the first time I shipped a website with that SQL injection.
It got taken over surprisingly quickly.
Crackers work hard.
Edit: Wait, does that mean you did it again? Haha.
I just wiped the DB and put it back online again.
I did fix it, but had to rewrite a lot of the PHP backend, which took a couple days.
And yes, I did release another website with SQL injection... It was a personal website for my brother and the pagination was vulnerable. I had written a simple CMS for it, but Instead of a password I just generated an obscure URL with completely open access to edit the DB directly.
The pagination got hacked but I fixed it pretty quickly (by checking the page number was in fact a number).
Surprisingly the CMS never got hacked before I moved him over to WordPress.
Younger me learned a lot of web dev lessons the hard way.
ETA: This was all when I was a teen and I had nobody in my life to teach me these things. I was self taught from a PHP book from the library.