Best Windows Hosting

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, 15 April 2012

What is SQL Injection?

Posted on 19:55 by Unknown
SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.

The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.

The injection process works by prematurely terminating a text string and appending a new command. Because the inserted command may have additional strings appended to it before it is executed, the malefactor terminates the injected string with a comment mark "--". Subsequent text is ignored at execution time.

The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:

var Shipcity;
ShipCity = Request.form ("ShipCity");
var sql = "select * from OrdersTable where ShipCity = '" + ShipCity + "'";

The user is prompted to enter the name of a city. If she enters Redmond, the query assembled by the script looks similar to the following:

SELECT * FROM OrdersTable WHERE ShipCity = 'Redmond'

However, assume that the user enters the following:

Redmond'; drop table OrdersTable--

In this case, the following query is assembled by the script:

SELECT * FROM OrdersTable WHERE ShipCity = 'Redmond';drop table OrdersTable--'

The semicolon (;) denotes the end of one query and the start of another. The double hyphen (--) indicates that the rest of the current line is a comment and should be ignored. If the modified code is syntactically correct, it will be executed by the server. When SQL Server processes this statement, SQL Server will first select all records in OrdersTable where ShipCity is Redmond. Then, SQL Server will drop OrdersTable.

As long as injected SQL code is syntactically correct, tampering cannot be detected programmatically. Therefore, you must validate all user input and carefully review code that executes constructed SQL commands in the server that you are using.
Email ThisBlogThis!Share to XShare to Facebook
Posted in DOTNET | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • 13 Things to keep in mind before using DLL in Delphi
    Keep in mind the following tips when writing your DLL: 1. Make sure you use the proper calling convention (C or stdcall). 2. Know the correc...
  • How to use TADOTable in Delphi XE2?
    Following is the code snippet which will show you how to use TADOTable in Delphi XE2? procedure TClass1.GetDataFromADOTable; begin   try    ...
  • How to use FindComponent function in Delphi XE2?
    Following is the code snippet which will show you how to use FindComponent in Delphi XE2? procedure TClass1.UseFindComponent(FieldName : str...
  • Online Finance Degrees
    There is a great demand for professionals with profound knowledge of finance and accounting in most of the reputed banks and financial insti...
  • How to grab the recruiter’s attention with your resume?
    Did you know that the average recruiter spends about 8 to 10 seconds glancing at your resume before s/he moves on to the next? So, whether y...
  • 5 ways to handle workload at your workplace
    With bigger workloads, tighter deadlines and more pressure, the temptation to pack in as many tasks as possible is hard to resist. But juggl...
  • Online Marketing Degrees
    Because global competition has become so intense, it should come as no surprise that companies invest heavily in their marketing and promoti...
  • Oracle Streams: An Overview
    Oracle Streams enables information sharing. Each unit of shared information is called a message. The stream can propagate information within...
  • Frameset, Frame and IFrame Elements in HTML
    Frame Element With frames, you can display more than one HTML document in the same browser window. Each HTML document is called a frame, and...
  • 5 Tips to enjoy your workplace
    Many people dislike getting up everyday and trudge to office. This is surprising, especially when we spend more than one-third of our day at...

Categories

  • AJAX
  • C++
  • CSS
  • Delphi
  • DOTNET
  • HTML
  • Javascript
  • jQuery
  • Management
  • Online Degrees
  • Oracle
  • Others
  • Phonegap
  • PHP
  • Unix
  • XML

Blog Archive

  • ▼  2012 (155)
    • ►  September (64)
    • ►  August (11)
    • ►  July (4)
    • ►  June (3)
    • ►  May (25)
    • ▼  April (48)
      • DOM Events: Mouse Events, Keyboard Events, Form Ev...
      • What is DOM (Document Object Model): Tree and Node...
      • DocType: Strict, Transitional and Frameset
      • How the ASP.NET authentication process works?
      • Response.Redirect vs Server.Transfer: What to use ...
      • GET vs POST: Which one is better? A 10 point compa...
      • HTTP vs HTTPS: Similarities and Differences
      • How IIS processes ASP.NET request?
      • AutoEventWireup in ASP.NET: Why my ASP.NET events ...
      • Web Farms in ASP.NET: Advantages and Issues
      • Cautions while dropping a tablespace
      • 12 Point Comparision between FTP and HTTP Protocol...
      • Dataset, Dataview, Datatable and common operations...
      • Client Side State Management in ASP.NET
      • Difference between page_init, page_load and page_p...
      • Database FLASHBACK mode: Overview
      • Database ARCHIVELOG mode: Overview
      • Hash Collision Attacks in .NET
      • ADO.NET: A quick revision
      • What is SQL Injection?
      • What is ASP.NET AJAX?
      • What is DLL HELL?
      • DIV vs TABLE tag: Which one to use?
      • Exception Handling in ASP.NET
      • Business Intelligence (BI): Data Warehouse, Data M...
      • UDDI: Universal Description, Discovery and Integra...
      • Web Services: Exposing and Consuming
      • Web Service Description Language
      • Simple Object Access Protocol
      • Caching in ASP.NET
      • Partial Classes in ASP.NET
      • Difference between DLL and EXE Files
      • What is an ASP.NET User Control?
      • Page Directive in ASP.NET
      • DOTNET Framework: CLR, CTS and CLS
      • What is Tethering and Hotspot?
      • Preventing Caching in AJAX URLs
      • What is web.config file? What is the significance ...
      • HTML vs XHTML vs DHTML
      • AJAX - A quick revision
      • Web Server vs Application Server vs Database Server
      • Difference Between ASP.NET Server Controls and HTM...
      • web.config vs app.config vs machine.config
      • Assemblies in .NET Framework
      • Silver Bullets for Testing
      • Unix Commands which should be on tips of each deve...
      • Basics of IBM Websphere MQ (Part 1)
      • What is Garbage Collector? How and when does it run?
Powered by Blogger.

About Me

Unknown
View my complete profile