SQL Truncation
SQL Truncation is an attack in which we create a string that is too long for the database and is truncated. This could allow us to reset an account password by creating a new account with a username that once truncated match an existing user and a password of our choice.
- Existing username:
admin - Maximum length:
32 characters - Payload:
admin<32 spaces>atruncated toadmin
This attack is not possible anymore in multiple DBMS.