MySQL authentication bypass

I saw a demo of Green SQL today, and during the demo Yuli showed me a cute SQL-injection method for MySQL that I’ve never seen before.

This will evade some IDSs and is also a good reply to web developers if they tell you that filtering the words “OR” and “AND” is enough as generic SQL-injection protection.
It’s not “new”, but it was new to me. The idea is to place two equal signs inside the query so that the query becomes:

SELECT * FROM users WHERE column='b'='c'

More information and a very detailed explanation here. It seems to be specific to MySQL.
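
How MySQL evaluates the chained comparison above, and a prepared statement that treats the same characters as plain data. This is an added example, not code from the original post; the users table, its rows, the statement name login and the variables @u and @p are constructed for illustration.

```sql
-- Constructed sample data (assumption: table layout and rows are illustrative).
CREATE TABLE users (
  id       INT PRIMARY KEY,
  username VARCHAR(32) NOT NULL,
  password VARCHAR(64) NOT NULL
);
INSERT INTO users VALUES (1, 'alice', 'pw-hash-1'), (2, 'bob', 'pw-hash-2');

-- '=' is left-associative, so username='b'='c' is parsed as (username='b')='c'.
-- The inner comparison yields 0 for every row whose username is not 'b'.
-- The outer comparison is then number = string: MySQL converts 'c' to the
-- number 0, so 0 = 'c' holds and the row matches although no OR/AND appears.
SELECT username,
       (username = 'b')         AS inner_cmp,
       ((username = 'b') = 'c') AS chained_cmp
FROM users;

-- MySQL records a warning for that implicit string-to-number conversion;
-- SHOW WARNINGS displays it, which helps when testing queries for this pattern.
SHOW WARNINGS;

-- Mitigation: bind the input as a parameter. The same characters are then one
-- string value compared against the column, never parsed as SQL operators.
PREPARE login FROM
  'SELECT id FROM users WHERE username = ? AND password = ?';
SET @u = 'b''=''c', @p = 'anything';
EXECUTE login USING @u, @p;
DEALLOCATE PREPARE login;
```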

  • Just me

    This isn’t really a “MySQL authentication bypass”; rather, it is a way to bypass IDS/IPS by exploiting an SQL extension that MySQL supports (comparing 3 values rather than just 2).

  • http://www.BeyondSecurity.com Aviram

    @Just me – this is a way to perform an SQL injection in order to bypass authentication, and it works (only) on MySQL. Hence the term “MySQL authentication bypass”. It just has an interesting side effect of bypassing some intrusion detection tools.

  • http://dumb dumb

    lame! LÆAME!