Saturday 31 August 2019

SQL injection vulnerability to add more balance?

Let's say I have this SQL statement:


stmt.executeUpdate("INSERT INTO TUNEUSER (USERNAME,PASSWORD,BALANCE) VALUES ('"
    + daf.getString("username")
    + "','"
    + daf.getString("password")
    + "',0.00)");

and the application has a username and password field.

How can SQL injection be used to increase the balance from "0.00" to whatever you want?
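
Why the statement above is injectable, and the fixed form, as an added example that is not part of the original post: it rebuilds the same INSERT in Python's built-in sqlite3 so it runs without a JDBC driver (in JDBC the equivalent fix is a `PreparedStatement` with `?` placeholders). The table layout, function names and the sample input are assumptions constructed for the demonstration.

```python
import sqlite3

# Assumed schema: only the column names come from the page's INSERT.
SCHEMA = "CREATE TABLE TUNEUSER (USERNAME TEXT, PASSWORD TEXT, BALANCE REAL)"


def insert_concatenated(conn, username, password):
    """The page's pattern: form values are pasted into the SQL text itself."""
    sql = ("INSERT INTO TUNEUSER (USERNAME,PASSWORD,BALANCE) VALUES ('"
           + username + "','" + password + "',0.00)")
    conn.execute(sql)


def insert_parameterized(conn, username, password):
    """Fixed form: the SQL text is constant and the values are bound as data."""
    conn.execute(
        "INSERT INTO TUNEUSER (USERNAME,PASSWORD,BALANCE) VALUES (?, ?, 0.00)",
        (username, password),
    )


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    # Constructed, benign input: one apostrophe is enough to end the quoted
    # literal early, so the rest of the name is parsed as SQL.
    name, pw = "O'Brien", "correct horse"
    try:
        insert_concatenated(conn, name, pw)
        concat_result = "inserted"
    except sqlite3.OperationalError:
        concat_result = "syntax error"
    # The same input through placeholders is stored verbatim, and BALANCE
    # can only be the constant written in the statement.
    insert_parameterized(conn, name, pw)
    rows = conn.execute(
        "SELECT USERNAME, PASSWORD, BALANCE FROM TUNEUSER").fetchall()
    conn.close()
    return concat_result, rows


if __name__ == "__main__":
    print(demo())
```

A legitimate name breaking the concatenated statement is the same defect that makes it injectable: whatever follows the quote is interpreted by the database rather than stored.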