Exploiting SQL Injection in ORDER BY on Oracle
Consider the following piece of code:
$sql = "SELECT something FROM some_table WHERE id=? ORDER BY $column_name";
The WHERE clause is parametrized, but the ORDER BY clause is not. This pattern is common, because ORDER BY takes a column identifier, and bind variables can only stand in for values, not identifiers. If $column_name comes from user input, this code is vulnerable to SQL injection.
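The usual fix is to keep the WHERE value as a bind variable and to map the user's sort request onto an allowlist of column identifiers, so no user-supplied text is ever concatenated into the statement. The following is an added example, not code from the original post; the column mapping, function names and the PDO DSN are assumptions chosen for illustration.

```php
<?php
// Added example: the same query with the ORDER BY column and direction
// restricted to an allowlist, since a bind variable cannot stand in for
// an identifier in ORDER BY.

// Hypothetical mapping from the sort keys a client may send to the real
// column identifiers; only these names can ever reach the SQL text.
const SORTABLE_COLUMNS = [
    'name'    => 'NAME',
    'created' => 'CREATED_AT',
];
const SORT_DIRECTIONS = ['asc' => 'ASC', 'desc' => 'DESC'];

/**
 * Build the statement text. Throws on any sort key or direction that is
 * not in the allowlist, so user input never becomes part of the SQL.
 */
function buildOrderedQuery(string $sortKey, string $direction = 'asc'): string
{
    if (!array_key_exists($sortKey, SORTABLE_COLUMNS)) {
        throw new InvalidArgumentException("Unknown sort column: $sortKey");
    }
    $direction = strtolower($direction);
    if (!array_key_exists($direction, SORT_DIRECTIONS)) {
        throw new InvalidArgumentException("Unknown sort direction: $direction");
    }
    // Identifiers come from the allowlist; the WHERE value stays a bind variable.
    return 'SELECT something FROM some_table WHERE id = :id ORDER BY '
        . SORTABLE_COLUMNS[$sortKey] . ' ' . SORT_DIRECTIONS[$direction];
}

// Run the query through PDO's Oracle driver with the id bound as a value.
function fetchOrdered(PDO $pdo, int $id, string $sortKey, string $direction): array
{
    $stmt = $pdo->prepare(buildOrderedQuery($sortKey, $direction));
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Example wiring; the DSN and credentials are placeholders.
// $pdo  = new PDO('oci:dbname=//db-host/SERVICE_NAME', 'app_user', 'password');
// $rows = fetchOrdered($pdo, 42, $_GET['sort'] ?? 'name', $_GET['dir'] ?? 'asc');
```

A request such as `sort=created&dir=desc` yields `... ORDER BY CREATED_AT DESC`, while any value outside the allowlist is rejected before a statement is built.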