If you are working your way through the OWASP Security Shepherd project, you have likely hit a wall at SQL Injection Challenge 5. By this stage, you’ve moved past the basics of ' OR 1=1 -- and are dealing with more complex filters or query structures.
The challenge description reads:
Expected result: When the number of NULLs matches the original SELECT (likely 2 columns), the page returns "User Found" even with the 1=2 condition. This confirms 2 columns.
EXEC sp_configure 'xp_dnsresolve', 0;
RECONFIGURE;
SeLeCt is treated exactly the same as SELECT by the database.aNd is treated exactly the same as AND by the database.If you are working your way through the OWASP Security Shepherd project, you have likely hit a wall at SQL Injection Challenge 5. By this stage, you’ve moved past the basics of ' OR 1=1 -- and are dealing with more complex filters or query structures.
The challenge description reads:
Expected result: When the number of NULLs matches the original SELECT (likely 2 columns), the page returns "User Found" even with the 1=2 condition. This confirms 2 columns. sql+injection+challenge+5+security+shepherd+new
EXEC sp_configure 'xp_dnsresolve', 0;
RECONFIGURE;
SeLeCt is treated exactly the same as SELECT by the database.aNd is treated exactly the same as AND by the database.