{"url":"https://www.demandosigno.study/entry/2021/04/04/201554","width":"100%","blog_url":"https://www.demandosigno.study/","height":"190","author_name":"demandosigno","blog_title":"demandosigno","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fwww.demandosigno.study%2Fentry%2F2021%2F04%2F04%2F201554\" title=\"WebGaot 6-2 SQL Injection (intro) - demandosigno\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","title":"WebGaot 6-2 SQL Injection (intro)","version":"1.0","type":"rich","categories":["WebGoat","SQL Injection"],"provider_name":"Hatena Blog","author_url":"https://blog.hatena.ne.jp/demandosigno/","image_url":"https://cdn-ak.f.st-hatena.com/images/fotolife/h/hirose-test/20210404/20210404200811.jpg","description":"No.9 Try It! String SQL injection The query in the code builds a dynamic query, as seen in the previous example. Because this query is built by concatenating strings, it is susceptible to String SQL Injection. \"SELECT * FROM user_data WHERE first_name = 'John' AND last_name = '\" + lastName + \"'\"; Using the form below, try to retrieve all the users from the users table. You do not need to know any specific user name to get the complete list. I will explain. or\u2026","published":"2021-04-04 20:15:54","provider_url":"https://hatena.blog"}