client9 / libinjection

SQL / SQLI tokenizer parser analyzer

Small SQLi evasion: 1*1-- #30

Closed client9 closed 11 years ago

client9 commented 11 years ago

Very small SQLi is hard to detect without false positives.

In revision 1.2.0 and earlier, the following SQLi is not detected:

1. 1*1--
2. 1*1/*

This is due to some checks to avoid having false positives.

Fix for #2 coming shortly. #1 is more problematic.

client9 commented 11 years ago

1*1/* is now detected and fixed in 1.3.0