Vulnerability of web applications
What's SQL Injection?
Technique for exploiting web applications that use client-supplied data in SQL queries
Stripping of potentially harmful characters is missing
Simple to prevent, but the number of vulnerable services is still astonishing
' strUsername and strPassword come straight from the client and are concatenated into the SQL string
SQLQuery = "SELECT Username FROM Users WHERE Username = '" & strUsername & "' AND Password = '" & strPassword & "'"
strAuthCheck = GetQueryResult(SQLQuery)
If strAuthCheck = "" Then
    boolAuthenticated = False
Else
    boolAuthenticated = True
End If
"Break out" of quotes
$query = "SELECT CompanyName FROM Shippers WHERE ID = $id";
Unchecked user input
$query = "SELECT CompanyName FROM Shippers WHERE ID = 0 UNION ALL SELECT CompanyName FROM Customers";
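
Added example, not from the original slides: the two concatenated queries above next to their parameterized forms, in Python with an in-memory SQLite database. The function names, the table contents and the user O'Brien are constructed for illustration; only the query shapes and the UNION input come from the slides.

```python
import sqlite3

def make_db():
    # Constructed sample data; table names follow the queries on the slides.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Shippers  (ID INTEGER PRIMARY KEY, CompanyName TEXT);
        CREATE TABLE Customers (ID INTEGER PRIMARY KEY, CompanyName TEXT);
        CREATE TABLE Users     (Username TEXT, Password TEXT);
        INSERT INTO Shippers  VALUES (1, 'Speedy Express');
        INSERT INTO Customers VALUES (1, 'Alfreds Futterkiste'), (2, 'Around the Horn');
        INSERT INTO Users     VALUES ('O''Brien', 'constructed-password');
    """)
    return db

def shipper_concat(db, raw_id):
    # Slide pattern: the input becomes part of the SQL text itself.
    query = "SELECT CompanyName FROM Shippers WHERE ID = " + raw_id
    return [row[0] for row in db.execute(query)]

def shipper_bound(db, raw_id):
    # int() raises ValueError for anything that is not a plain integer;
    # the value is then bound as a parameter, never spliced into the SQL.
    shipper_id = int(raw_id)
    rows = db.execute("SELECT CompanyName FROM Shippers WHERE ID = ?", (shipper_id,))
    return [row[0] for row in rows]

def login_concat(db, username, password):
    # Slide pattern: a quote in the input ends the string literal early.
    query = ("SELECT Username FROM Users WHERE Username = '" + username +
             "' AND Password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_bound(db, username, password):
    # Placeholders keep quotes in the input as data.
    # (The plaintext password column only mirrors the slide's query.)
    query = "SELECT Username FROM Users WHERE Username = ? AND Password = ?"
    return db.execute(query, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    union_input = "0 UNION ALL SELECT CompanyName FROM Customers"  # from the slide
    print("concat:", shipper_concat(db, union_input))
    try:
        shipper_bound(db, union_input)
    except ValueError as exc:
        print("bound: rejected:", exc)
    try:
        login_concat(db, "O'Brien", "constructed-password")
    except sqlite3.OperationalError as exc:
        print("concat login breaks on a legitimate name:", exc)
    print("bound login:", login_bound(db, "O'Brien", "constructed-password"))
```

The concatenated login fails with a syntax error on a legitimate surname containing an apostrophe, which is the same defect that lets input break out of the quotes; the bound version treats the apostrophe as data.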