https://wiki.owasp.org/index.php?action=history&feed=atom&title=Talk%3ATesting_for_AJAX_Vulnerabilities_%28OWASP-AJ-001%29Talk:Testing for AJAX Vulnerabilities (OWASP-AJ-001) - Revision history2026-05-30T23:05:45ZRevision history for this page on the wikiMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Talk:Testing_for_AJAX_Vulnerabilities_(OWASP-AJ-001)&diff=49330&oldid=prevKirstenS: Talk:Testing for AJAX Vulnerabilities moved to Talk:Testing for AJAX Vulnerabilities (OWASP-AJ-001)2008-12-16T00:04:50Z<p><a href="/index.php/Talk:Testing_for_AJAX_Vulnerabilities" class="mw-redirect" title="Talk:Testing for AJAX Vulnerabilities">Talk:Testing for AJAX Vulnerabilities</a> moved to <a href="/index.php/Talk:Testing_for_AJAX_Vulnerabilities_(OWASP-AJ-001)" title="Talk:Testing for AJAX Vulnerabilities (OWASP-AJ-001)">Talk:Testing for AJAX Vulnerabilities (OWASP-AJ-001)</a></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<tr style='vertical-align: top;' lang='en'>
<td colspan='1' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='1' style="background-color: white; color:black; text-align: center;">Revision as of 00:04, 16 December 2008</td>
</tr><tr><td colspan='2' style='text-align: center;' lang='en'><div class="mw-diff-empty">(No difference)</div>
</td></tr></table>KirstenShttps://wiki.owasp.org/index.php?title=Talk:Testing_for_AJAX_Vulnerabilities_(OWASP-AJ-001)&diff=15281&oldid=prevWoodmi at 20:15, 11 January 20072007-01-11T20:15:22Z<p></p>
<p><b>New page</b></p><div>I believe that publishing this SQL injection as a test method is extremely dangerous. While professional testers know not to drop tables from databases, inexperienced testers or malicious users could attempt this on sites with potentially disastrous effects.<br />
<br />
<pre><br />
SELECT id FROM users WHERE name='' AND pass=''; DROP TABLE users;<br />
</pre><br />
<br />
I would recommend using a more benign SQL injection example, such as:<br />
<br />
<pre><br />
SELECT id FROM users WHERE name=''or+1=1--' AND pass='';<br />
</pre><br />
<br />
This isn't the best example either as it may allow someone to log into a site, but it's better than dropping the users table. Then again, all SQL injection is dangerous.</div>Woodmi