Mysql authentication bypass
I saw a demo of Green SQL today, and during the demo Yuli showed me a cute SQL injection method for MySQL that I’ve never seen before.
This will evade some IDSs, and it is also a good reply for web developers who tell you that filtering the words “OR” and “AND” is enough as a generic SQL injection protection.
It’s not “new”, but it was new to me. The idea is to place two equal signs inside the query so that the query becomes:
SELECT * FROM users WHERE column='b'='c'
More information and a very detailed explanation here. It seems to be specific to MySQL.
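As an added example (not code from the post or from Green SQL), the following Python shows why an OR/AND keyword blacklist does not stop this input, how a parameterised query keeps the input out of the SQL text entirely, and a small model of the MySQL evaluation that makes the query above match rows. The usernames and the input value are constructed, and the model of MySQL's left-to-right `=` evaluation and string-to-number coercion is an assumption stated in the comments.

```python
import re
from typing import List, Tuple

# Constructed input in the shape the post describes: two equal signs, no OR/AND.
PAGE_INPUT = "b'='c"


def keyword_filter_blocks(value: str) -> bool:
    """The 'generic protection' the post argues against: reject OR/AND."""
    return re.search(r"\b(or|and)\b", value, re.IGNORECASE) is not None


def build_query_unsafe(username: str) -> str:
    """Vulnerable pattern: untrusted input concatenated into the SQL text."""
    return "SELECT * FROM users WHERE username='" + username + "'"


def build_query_safe(username: str) -> Tuple[str, Tuple[str]]:
    """Parameterised pattern (DB-API %s paramstyle as used by MySQLdb/PyMySQL).

    The driver sends the value separately from the statement, so the input
    can only ever be a username value and never adds operators to the query.
    """
    return "SELECT * FROM users WHERE username=%s", (username,)


def mysql_chained_equality(stored: str, a: str, b: str) -> bool:
    """Model (assumption) of how MySQL evaluates  stored=a=b .

    '=' is evaluated left to right, so this is (stored=a)=b.  The inner
    comparison yields the integer 0 or 1; comparing an integer with a string
    makes MySQL coerce the string to its leading numeric prefix ('c' -> 0),
    so every row where stored != a satisfies 0 = 0.
    """
    first = 1 if stored == a else 0
    m = re.match(r"\s*[-+]?\d+", b)
    b_as_number = int(m.group()) if m else 0
    return first == b_as_number


def rows_matched(usernames: List[str], a: str, b: str) -> List[str]:
    """Stored usernames that satisfy username=a=b under the model above."""
    return [u for u in usernames if mysql_chained_equality(u, a, b)]
```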