What is the purpose of ending many SQL injection queries with --?
This is the syntax for the start of a comment in SQL, which can bypass some sanitization checks by commenting out the terminating ' in many SQL queries.
This prevents JavaScript input sanitization
This is used for privilege escalation within SQL Server
This allows you to link tables in SQL
Many fields vulnerable to SQL injection will take the input and treat it as a string to use in the SQL query.
For example:
SELECT * FROM Users
WHERE Name = '
The terminating -- allows the user to comment out the final ' and thus gives the user more freedom in crafting their malicious query.