#58
10-08-2019, 11:36 PM
Subreal
Join Date: Sep 2010
Posts: 2,572
Mentioned: 1040 Post(s)
Tagged: 39 Thread(s)
Ranked Text Record
41 Won / 37 Lost

Quote:
Originally Posted by Dave
You think I'd never tried to SQL Inject LB on day 1?

Also this wouldn't work because you don't concatenate the username and password. You use quotation marks to break out of the username string and leave the password blank.

I think it'd go:-

Username: EtH" OR User_Id = 1

This would say something like SELECT * FROM Users WHERE Username = "EtH" OR User_Id = 1"

Off the top can't remember how you handle the password though.
SQL injections are ridiculously easy to prevent, was only a significant problem yearsss ago
__________________




Pack of Wolves, gayest crew on the site.
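
Added example, not part of either post and not the site's code: the username string from the quote above, run through a concatenated lookup and through a bound-parameter lookup in an in-memory SQLite database. The schema, sample accounts and function names are assumptions made for the illustration; only the `Users`, `Username` and `User_Id` names and the input string come from the quote.

```python
import hashlib
import hmac
import sqlite3

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample data; table and column names follow the quoted post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (User_Id INTEGER PRIMARY KEY,"
               " Username TEXT UNIQUE, Salt BLOB, PwHash BLOB)")
    for uid, name, pw in [(1, "admin", "correct horse"), (2, "EtH", "hunter2")]:
        salt = bytes([uid]) * 16  # fixed so the demo is reproducible; random in practice
        db.execute("INSERT INTO Users VALUES (?, ?, ?, ?)",
                   (uid, name, salt, pw_hash(pw, salt)))
    return db

def concatenated_sql(username):
    # Vulnerable pattern: user input is pasted into the SQL text.
    return 'SELECT User_Id FROM Users WHERE Username = "' + username + '"'

def concatenated_query_errors(db, username):
    # True when SQLite rejects the statement that the input produced.
    try:
        db.execute(concatenated_sql(username))
        return False
    except sqlite3.OperationalError:
        return True

def login(db, username, password):
    # Hardened pattern: the username is bound as a value, never parsed as SQL,
    # and the password is checked in application code against a salted hash.
    row = db.execute("SELECT User_Id, Salt, PwHash FROM Users WHERE Username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    uid, salt, stored = row
    return uid if hmac.compare_digest(pw_hash(password, salt), stored) else None

if __name__ == "__main__":
    db = make_db()
    quoted_input = 'EtH" OR User_Id = 1'  # the username string from the quoted post
    print(concatenated_sql(quoted_input))
    print("rejected by parser:", concatenated_query_errors(db, quoted_input))
    print("bound parameter, blank password:", login(db, quoted_input, ""))
    print("legitimate login:", login(db, "EtH", "hunter2"))
```

A database syntax error triggered by a login field is worth alerting on: it means user input reached the SQL parser as code, whether or not the statement ran.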