: These are comment tags used to bypass basic security filters that might block spaces.
: Only allow expected characters. For example, if a field is for a username, don't allow special characters like ', (, or *.
: This part attempts to "break out" of a text string in the database query. The single quote (') is used to end the intended data input so that the database starts reading the following text as a command.
: Log in as an administrator without a password.
: This tells the database to wait for 2 seconds before responding.
If a website allows this input to run, an attacker could potentially:
: Access entire tables of user info, emails, and hashed passwords.