Re: SQL Injection Queries in Perl/CGI

by hardburn (Abbot)
on Dec 11, 2015 at 14:35 UTC [id://1150033]


in reply to SQL Injection Queries in Perl/CGI

You're using placeholders correctly, so what it's really saying is that there's no user in the database named or '1'='1 '. The query comes back with zero rows, and presumably something else in the code is seeing that and throwing the 403 (a perfectly reasonable response code for a bad username). Since you're using placeholders, it's likely that no SQL injection attacks are taking place--good job!

As far as I can see from here, it's behaving exactly as it should.


"There is no shame in being self-taught, only in not trying to learn in the first place." -- Atrus, Myst: The Book of D'ni.
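To make the point of the reply above concrete, here is an added example (not code from the original thread or from the poster's application) that puts the interpolated query beside the placeholder version and feeds both the same probe string. It assumes DBI with DBD::SQLite as a stand-in for whatever database the real app uses, and a constructed users table whose column names are invented here; the 403 mapping is a guess at what the poster's code does after the lookup returns no rows.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;

# Constructed stand-in for the app's database: an in-memory SQLite table
# with one legitimate user. Table and column names are assumptions.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)");
$dbh->do("INSERT INTO users VALUES ('alice', 'secret')");

# The classic probe the original poster typed into the username field.
my $probe = "' or '1'='1";

# VULNERABLE: the value is pasted into the SQL text, so the quote in the
# probe closes the literal and the rest becomes part of the WHERE clause:
#   SELECT username FROM users WHERE username = '' or '1'='1'
# which matches every row.
sub lookup_interpolated {
    my ($user) = @_;
    my $sql = "SELECT username FROM users WHERE username = '$user'";
    return $dbh->selectall_arrayref($sql);
}

# SAFE: a placeholder sends the value separately from the SQL text, so the
# driver compares the whole string "' or '1'='1" against the column and
# no row matches.
sub lookup_placeholder {
    my ($user) = @_;
    my $sth = $dbh->prepare("SELECT username FROM users WHERE username = ?");
    $sth->execute($user);
    return $sth->fetchall_arrayref;
}

# Hypothetical version of the step the reply above describes: a lookup
# that returns no rows is treated as an unknown user and answered with 403.
sub status_for_lookup {
    my ($rows) = @_;
    return @$rows ? 200 : 403;
}

for my $variant ([ interpolated => \&lookup_interpolated ],
                 [ placeholder  => \&lookup_placeholder ]) {
    my ($name, $lookup) = @$variant;
    my $rows = $lookup->($probe);
    printf "%-12s rows=%d status=%d\n",
        $name, scalar(@$rows), status_for_lookup($rows);
}

$dbh->disconnect;
```

Run with `perl` after installing DBI and DBD::SQLite. The interpolated lookup matches the seeded user even though the probe is not a real username, which is the injection working; the placeholder lookup matches nothing, so the only thing the 403 tells you is that the app rejects unknown usernames, exactly as the reply says.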

Replies are listed 'Best First'.
Re^2: SQL Injection Queries in Perl/CGI
by Muskovitz (Scribe) on Dec 11, 2015 at 14:42 UTC
    That's so great to hear! But how can I fix this 403 Forbidden?

      From what I can tell, there's nothing that needs to be fixed. If the app is meant to throw a 403 when an invalid username is sent, then it's doing the right thing as it is.

      Is it supposed to do something else when it gets an invalid user?


      "There is no shame in being self-taught, only in not trying to learn in the first place." -- Atrus, Myst: The Book of D'ni.

        there's nothing that needs to be fixed

        Except that it's logging in as root and not another user.
