 

What does # mean in sql?

Does anyone know what something like OR 1# means in the context of mysql injection?

munchybunch asked Nov 29 '10 03:11


2 Answers

It is MySQL's version of the line comment delimiter. In standard SQL, the line comment delimiter is --.

-- This is a standard SQL comment.
# This is a MySQL comment.

So in the context of SQL injection, if the attacker knows you're using MySQL he may use it to abruptly terminate the malicious SQL statement, causing MySQL to ignore whatever is behind the # and execute only the stuff that comes before it. This is only effective against single-line SQL statements, however. Here's an example:

Input:

Username: fake' OR 1#
Password: pass

Resultant SQL:

SELECT * FROM users WHERE username = 'fake' OR 1#' AND password = 'pass'

Which is executed as this, which returns every row:

SELECT * FROM users WHERE username = 'fake' OR 1

BoltClock answered Oct 16 '22 07:10
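
Added example, not part of either answer: a small Python model of the behaviour described above, run on the input from the answer. It shows that `#` only truncates the statement when the input has already closed the string literal; when the quote is escaped, `#` stays inside the literal as data. The lexer is a simplification (only single-quoted strings and `#` comments), and `strip_hash_comment`, `build_concatenated`, `quote_literal` and `build_quoted` are hypothetical names, not MySQL or driver APIs.

```python
# Simplified model (an assumption, not MySQL's real lexer): it recognises
# only single-quoted string literals and the '#' line comment.

def strip_hash_comment(sql: str) -> str:
    """Return the part of a one-line statement that would be parsed:
    everything before the first '#' outside a single-quoted string."""
    in_string = False
    i = 0
    while i < len(sql):
        ch = sql[i]
        if in_string:
            if ch == "\\":                      # backslash escape: skip next char
                i += 2
                continue
            if ch == "'":
                if sql[i + 1:i + 2] == "'":     # '' is an escaped quote
                    i += 2
                    continue
                in_string = False               # literal ends here
        elif ch == "'":
            in_string = True
        elif ch == "#":
            return sql[:i].rstrip()             # comment: drop the rest of the line
        i += 1
    return sql


def build_concatenated(username: str, password: str) -> str:
    """The vulnerable pattern from the answer: raw string concatenation."""
    return ("SELECT * FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def quote_literal(value: str) -> str:
    """Hypothetical helper: escape backslashes and quotes so the value stays one literal."""
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"


def build_quoted(username: str, password: str) -> str:
    return ("SELECT * FROM users WHERE username = " + quote_literal(username) +
            " AND password = " + quote_literal(password))


USERNAME, PASSWORD = "fake' OR 1#", "pass"      # the input shown in the answer
unsafe = build_concatenated(USERNAME, PASSWORD)
safe = build_quoted(USERNAME, PASSWORD)
print(strip_hash_comment(unsafe))   # password check is gone
print(strip_hash_comment(safe))     # unchanged: '#' is inside the literal
```

In application code, use the driver's prepared statements with bound parameters instead of hand-written escaping; the model above only illustrates why the comment character matters once the quote is broken.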



This is the start of a comment. It means that anything after that will be skipped by the parser.

Xavier Poinas answered Oct 16 '22 07:10