
confused -.-


ghost:

So I tried the SQL injection in basic 8 with -' or 'a'='a but when I submit it I get something like SQL Query Error: SELECT * FROM family_db WHERE password='-\' or \'a\'=\'a' What's with all those "\"? The same thing happens in real 15: when I add the ' mark in user notes and press save it would come out like \'. If I keep pressing it just multiplies them.


ghost:

The backslashes are a result of the PHP function addslashes() being used. It is generally used to prevent cross-site scripting and/or SQL injection vulnerabilities, though it doesn't always work.

For example, input such as markup"><script>alert('xss')</script> would change to markup\"><script>alert(\'xss\')</script> and would not alert xss, but input such as markup"><script>alert(1)</script> would change to markup\"><script>alert(1)</script> and would alert 1.
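The two behaviours described above, shown as an added example (this is not code from the thread or from HBH): addslashes() only prefixes quotes and backslashes, so it does nothing to the markup itself, while the context-specific defences (htmlspecialchars() for HTML output, a bound parameter for the SQL query) neutralise both inputs. It assumes PHP with the PDO SQLite driver available; the table row is constructed.

```php
<?php
// Constructed sample inputs, taken from the two cases discussed in the thread.
$inputs = [
    "markup\"><script>alert('xss')</script>",  // contains quotes
    "markup\"><script>alert(1)</script>",      // no quotes inside the script
];

foreach ($inputs as $in) {
    // addslashes() prefixes only ' " \ and NUL with a backslash. It knows nothing
    // about HTML, so the <script> tag survives either way and a browser still
    // parses it; only the quoted string inside alert() gets mangled.
    echo "addslashes:       ", addslashes($in), "\n";

    // For HTML output the right tool is htmlspecialchars(): < > & " ' become
    // entities, so the browser renders the text instead of treating it as a tag.
    echo "htmlspecialchars: ", htmlspecialchars($in, ENT_QUOTES, 'UTF-8'), "\n\n";
}

// For the SQL case (the basic 8 query shape), do not escape into the query
// string at all: bind the value so the database never parses it as SQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE family_db (name TEXT, password TEXT)");
$pdo->exec("INSERT INTO family_db VALUES ('test', 'secret')"); // constructed row

$stmt = $pdo->prepare("SELECT * FROM family_db WHERE password = :pw");
// The same probe string from the thread is sent purely as data here, so it is
// compared literally against the password column and matches no row.
$stmt->execute([':pw' => "-' or 'a'='a"]);
echo "rows matched with a bound parameter: ", count($stmt->fetchAll()), "\n";
```

Run it with the PHP CLI; the first loop prints the escaped and entity-encoded forms side by side, and the last line shows the probe matching nothing when it cannot reach the SQL parser.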