sql

Document Sample
sql Powered By Docstoc
					SQL Injection
Vulnerability of web applications

What‘s SQL Injection?






Technique for exploiting web applications that use client-supplied data Stripping of potentially harmful characters is missing Simple to prevent, but number of vulnerable services is still astonishing

Authorization Bypass
SQLQuery = "SELECT Username FROM Users WHERE Username = ‘" & strUsername & "‘ AND Password = ‘" & strPassword & "‘„; strAuthCheck = GetQueryResult(SQLQuery); If strAuthCheck = "" Then boolAuthenticated = False; Else boolAuthenticated = True; End If;

Example

“Break out“ of quotes
$query = „SELECT CompanyName FROM Shippers WHERE ID = $id“;

Unchecked user input

$query = „SELECT CompanyName FROM Shippers WHERE ID = 0 UNION ALL SELECT CompanyName FROM Customers“;


				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:29
posted:9/30/2009
language:English
pages:4