explanation about quotes please

Sandra Murphy

Escorpionsag
9 years ago | edited 9 years ago

0

sandra' or 1=1 or ‘a’=‘a
i have sql kownledge but i dont understand why in this sentence the a have quotes
'a’?=‘?a

btw=this is suposed to be a xpath injection

source https://www.owasp.org/index.php/XPATH_Injection

9replies

4voices

243views

? [bolofecal]
9 years ago

0

In this injection the a isn’t important you can use any string, but you need compare some values to return true, like 1=1, the quotes is just the string syntax, e.g. var='foo' or id=1

?

Escorpionsag
9 years ago

0

@bolofecal yeah i think i get that; im just curious about why this sentence the first A has two quotes and the second A just one

dloser
9 years ago

0

You might want to read up on/experiment with this subject a bit more; that should answer most basic questions.

? [bolofecal]
9 years ago

0

You must know that is just part of complete code.

?

Escorpionsag
9 years ago

0

@bolofecal do you mean that the sentence is incomplete??

dloser
9 years ago

0

He probably means that in the context of where it is used, it make sense. Again, find out how these things work and it should be pretty clear.

? [bolofecal]
9 years ago

0

Right, sorry bad english, in this thread https://www.hackthis.co.uk/forum/level-discussion/intermediate-levels/intermediate-level-6/3696-intermediate-6-help @freewind1012 post a good code that can help, view it and you will understand.

?

Escorpionsag
9 years ago

0

thanks @bolofecal and @dloser, ill keep trying and see what happens jajaj
btw @bolofecal i already saw that post, thanks for the help anyway

foxcargo
9 years ago

0

my spoiler is like this.
i don’t know to explalin without bring the answer,
but hope this can help.
just implement with query string

make the logical like
FALSE or TRUE or TRUE and FALSE

so the logical will be like
( FALSE expression OR TRUE expression) AND (TRUE ekspression OR FALSE expression)

You must be logged in to reply to this discussion. Login