Best Windows Hosting

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, 15 April 2012

What is SQL Injection?

Posted on 19:55 by Unknown
SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.

The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.

The injection process works by prematurely terminating a text string and appending a new command. Because the inserted command may have additional strings appended to it before it is executed, the malefactor terminates the injected string with a comment mark "--". Subsequent text is ignored at execution time.

The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:

var Shipcity;
ShipCity = Request.form ("ShipCity");
var sql = "select * from OrdersTable where ShipCity = '" + ShipCity + "'";

The user is prompted to enter the name of a city. If she enters Redmond, the query assembled by the script looks similar to the following:

SELECT * FROM OrdersTable WHERE ShipCity = 'Redmond'

However, assume that the user enters the following:

Redmond'; drop table OrdersTable--

In this case, the following query is assembled by the script:

SELECT * FROM OrdersTable WHERE ShipCity = 'Redmond';drop table OrdersTable--'

The semicolon (;) denotes the end of one query and the start of another. The double hyphen (--) indicates that the rest of the current line is a comment and should be ignored. If the modified code is syntactically correct, it will be executed by the server. When SQL Server processes this statement, SQL Server will first select all records in OrdersTable where ShipCity is Redmond. Then, SQL Server will drop OrdersTable.

As long as injected SQL code is syntactically correct, tampering cannot be detected programmatically. Therefore, you must validate all user input and carefully review code that executes constructed SQL commands in the server that you are using.
Email ThisBlogThis!Share to XShare to Facebook
Posted in DOTNET | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Online Marketing Degrees
    Because global competition has become so intense, it should come as no surprise that companies invest heavily in their marketing and promoti...
  • Protecting E-mail Addresses on Webpages: Beware of using mailto protocol
    Placing an e-mail address on a Web page is a dangerous prospect nowadays. If the document on which the address appears generates even a medi...
  • Silver Bullets for Testing
    Know Our Application Don’t start testing without understanding the requirements. If we test without knowledge of the requirements, we will n...
  • Preloading Images: A trick to overcome delays in image-rich webpages loading
    One of the things that can really slow down the display of Web pages is an abundance of images, each one of which can contain the equivalent...
  • Unix Commands which should be on tips of each developer
    General Commands: 1. date: shows date and time 2. history: lists the previously executed commands 3. man ls: shows online documentation by...
  • Online Music Degrees
    For those who want to pursue a music degree but find it difficult to do so because of time constraints, financial difficulties or physical l...
  • Client Side State Management in ASP.NET
    State Management in done on client side as well as on server side in ASP.NET. In this article, we will just focus on clinet side state manag...
  • Frameset, Frame and IFrame Elements in HTML
    Frame Element With frames, you can display more than one HTML document in the same browser window. Each HTML document is called a frame, and...
  • 5 E-mail Etiquette You Must Know
    From memos and letters to answering machines, voice mail and now email, the last one is here to stay. Studies show that nearly two million e...
  • Cautions while dropping a tablespace
    DROP TABLESPACE drops the tablespace from database. But, there are few things which you should take care while firing this statement. 1. DRO...

Categories

  • AJAX
  • C++
  • CSS
  • Delphi
  • DOTNET
  • HTML
  • Javascript
  • jQuery
  • Management
  • Online Degrees
  • Oracle
  • Others
  • Phonegap
  • PHP
  • Unix
  • XML

Blog Archive

  • ▼  2012 (155)
    • ►  September (64)
    • ►  August (11)
    • ►  July (4)
    • ►  June (3)
    • ►  May (25)
    • ▼  April (48)
      • DOM Events: Mouse Events, Keyboard Events, Form Ev...
      • What is DOM (Document Object Model): Tree and Node...
      • DocType: Strict, Transitional and Frameset
      • How the ASP.NET authentication process works?
      • Response.Redirect vs Server.Transfer: What to use ...
      • GET vs POST: Which one is better? A 10 point compa...
      • HTTP vs HTTPS: Similarities and Differences
      • How IIS processes ASP.NET request?
      • AutoEventWireup in ASP.NET: Why my ASP.NET events ...
      • Web Farms in ASP.NET: Advantages and Issues
      • Cautions while dropping a tablespace
      • 12 Point Comparision between FTP and HTTP Protocol...
      • Dataset, Dataview, Datatable and common operations...
      • Client Side State Management in ASP.NET
      • Difference between page_init, page_load and page_p...
      • Database FLASHBACK mode: Overview
      • Database ARCHIVELOG mode: Overview
      • Hash Collision Attacks in .NET
      • ADO.NET: A quick revision
      • What is SQL Injection?
      • What is ASP.NET AJAX?
      • What is DLL HELL?
      • DIV vs TABLE tag: Which one to use?
      • Exception Handling in ASP.NET
      • Business Intelligence (BI): Data Warehouse, Data M...
      • UDDI: Universal Description, Discovery and Integra...
      • Web Services: Exposing and Consuming
      • Web Service Description Language
      • Simple Object Access Protocol
      • Caching in ASP.NET
      • Partial Classes in ASP.NET
      • Difference between DLL and EXE Files
      • What is an ASP.NET User Control?
      • Page Directive in ASP.NET
      • DOTNET Framework: CLR, CTS and CLS
      • What is Tethering and Hotspot?
      • Preventing Caching in AJAX URLs
      • What is web.config file? What is the significance ...
      • HTML vs XHTML vs DHTML
      • AJAX - A quick revision
      • Web Server vs Application Server vs Database Server
      • Difference Between ASP.NET Server Controls and HTM...
      • web.config vs app.config vs machine.config
      • Assemblies in .NET Framework
      • Silver Bullets for Testing
      • Unix Commands which should be on tips of each deve...
      • Basics of IBM Websphere MQ (Part 1)
      • What is Garbage Collector? How and when does it run?
Powered by Blogger.

About Me

Unknown
View my complete profile