Test Case ID | |
Bad / Good / Mixed | Bad |
Author | |
Associations | Good pair: 1797; Replaced by: 149095 |
Added by | Romain Gaucher |
Language | C |
Type of test case | Source Code |
Input string | \' OR 1=1 -- |
Expected Output | |
Instructions | |
Submission date | 2007-01-11 |
Description | SQL injection is possible because the arguments are not validated before they are used in the MySQL query. |
File Contains:
CWE-089: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') on line(s): 52, 53