This post is for my cybersecurity students, and anyone else taking a cybersecurity class or studying for a certification exam.
From Jason Dion: “The most common type of code injection is SQL injection. An SQL injection attempts to modify one or more of an SQL query’s four basic functions: select, insert, delete, or update. Two common methods of performing an SQL injection are either using a single apostrophe (‘) or submitting an always-true statement like 1=1. As a penetration tester, you need to be familiar with the common ASCII-encoded text equivalents used in URLs, like %20 (space), %5c (\), and %2F (/), to identify SQL injections and file inclusions.”
I use Wordfence as one of the cybersecurity plug-ins on my blog. I get daily security reports by email, and here is an example of what a SQL injection attack looks like in the security logs. This one chains together a lot of wildcard characters (*) with standard SQL commands like SELECT, and some XML CHR (character equivalents).
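To show how the indicators above (a stray apostrophe, an always-true comparison such as 1=1, SELECT with wildcards, CHR() character codes, and the %20/%27-style URL encodings that hide them) can be pulled out of a web-server log, here is a small detector written for this post. It is added example code, not Wordfence's logic or anything from the original post; the log lines are constructed in common-log-format shape, and the indicator names and regexes are my own choices.

```python
"""Added example: URL-decode the request path from each web-server log line and
flag the SQL-injection indicators the post mentions. Log lines are constructed
for illustration; the indicator list is an assumption for classroom use, not a
complete signature set."""
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (not real traffic); 203.0.113.x / 198.51.100.x are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /?p=12 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?id=1%27%20OR%201=1 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php?id=1%20UNION%20SELECT%20*%20FROM%20wp_users HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?id=1%20AND%20CHR%2865%29%3DCHR%2865%29 HTTP/1.1" 200 5120
198.51.100.2 - - [01/Jan/2024:10:00:12 +0000] "GET /about-us/ HTTP/1.1" 200 2048
"""

# Each indicator is (name, regex); the regex runs against the DECODED request path,
# so %27 is seen as ' and %20 as a space before matching.
INDICATORS = [
    ("apostrophe", re.compile(r"'")),
    ("always_true", re.compile(r"\b(\d+)\s*=\s*\1\b")),            # 1=1, 2=2, ...
    ("select_wildcard", re.compile(r"\bSELECT\b.*\*", re.IGNORECASE)),
    ("chr_encoding", re.compile(r"\bCHR\s*\(\s*\d+\s*\)", re.IGNORECASE)),
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT) (\S+) HTTP/')


def decode_request(line):
    """Extract the request path and URL-decode it (%20 -> space, %27 -> ', %2F -> /).
    Decoding is applied twice so a double-encoded payload does not slip past the patterns."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    return unquote_plus(unquote_plus(m.group(1)))


def classify(line):
    """Return the indicator names that fire on one log line (empty list if it looks clean)."""
    decoded = decode_request(line)
    if decoded is None:
        return []
    return [name for name, pattern in INDICATORS if pattern.search(decoded)]


def scan(log_text):
    """Return (source_ip, decoded_path, indicators) for every line that trips at least one indicator."""
    hits = []
    for line in log_text.splitlines():
        names = classify(line)
        if names:
            source_ip = line.split(" ", 1)[0]
            hits.append((source_ip, decode_request(line), names))
    return hits


if __name__ == "__main__":
    for ip, path, names in scan(SAMPLE_LOG):
        print(f"{ip}  {path}  -> {', '.join(names)}")
```

Two details matter in practice: match against the decoded path rather than the raw one, because the encodings in the quote exist precisely so that `'` and spaces look harmless in a URL, and treat the output as a triage list rather than a verdict, since a legitimate search for "O'Brien" also contains an apostrophe.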
You may run across these in a test question, or in your real-life security logs. If you want to take a crack at solving the code string, you can share it in the post comments.