Can you explain both, sql injection or 1=1 ?

863    Asked by AnkitChauhan in SQL Server , Asked on Dec 27, 2021

Please explain the meaning of "AND 1 = 1" in a SQL injection attack. 

My research regarding the sql injection involved reading various articles, one of which explained it as -

SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details. 


Answered by Anil Mer

The specific question should not be SQL injection OR 1=1 but AND 1=1. There is a big difference here in what the OP is asking about. If I were your teacher and you provided me with JonathanMueller's answer you would get a lousy grade as you dont understand the question.


AND 1=1 is usally used in blind SQL injections. This is when you have to determine between a true or false state from the result of the application to make out what the actual result is. You don't get data listed out in the result, the only thing returned is a state of change. If you try to exploit a Blind SQL injection with OR 1=1 you will fail because the primary use of OR 1=1 is to create an always true statement in order to get the most data out of the database or to force a true statement in the case of a login script being exploited.

A practical blind SQL exploit example:

We use our example: http://www.site.com/news.php?id=7 Let’s test it: http://www.site.com/news.php?id=7 and 1=1 <--- this is always true and the page loads normally, that's ok.
http://www.site.com/news.php?id=7 and 1=2 <--- this is false, so if some text, picture or some content is missing on returned page then that site is vulnerable to blind sql injection.
Another example where you try to figure out MySQL version:
http://www.site.com/news.php?id=7 and substring(@@version,1,1)=4 This should return TRUE if the version of MySQL is 4. Replace 4 with 5, and if the query returns TRUE then the version is 5.
Examples taken from: http://www.exploit-db.com/download_pdf/14475


Your Answer

Interviews

Parent Categories