Bugtraq: Re: Paper: SQL Injection Attacks by Example

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Paper: SQL Injection Attacks by Example

From: Cory Foy <Cory.Foy () mobilehwy com>
Date: Wed, 05 Jan 2005 15:56:28 -0500

Scovetta, Michael V wrote:

At least in MSSQL, you'd have to do something bad like use sp_executesql
or some other function that will re-form a complete sql query and pass
that to the interpreter. As long as you do more sensible stuff like:

        insert into table (name, age) values (@b, @a)

you should be fine.

Except that I've seen webbie-type people who will execute a stored procby doing:


strSQL = "exec userLogin " + userName + " " + userPassword

which would be still be subject to a SQL Injection attack if I simplyhad a semicolon in the userPassword and then was able to pass any otherquery to it.


Cory

By Date By Thread

Current thread:

Paper: SQL Injection Attacks by Example Steve Friedl (Jan 05)
- RE: Paper: SQL Injection Attacks by Example David Litchfield (Jan 05)
- <Possible follow-ups>
- RE: Paper: SQL Injection Attacks by Example Scovetta, Michael V (Jan 05)
  - Re: Paper: SQL Injection Attacks by Example Chip Andrews (Jan 05)
  - Re: Paper: SQL Injection Attacks by Example Cory Foy (Jan 05)
  - RE: Paper: SQL Injection Attacks by Example David Litchfield (Jan 05)
- RE: Paper: SQL Injection Attacks by Example Michael Silk (Jan 05)
- RE: Paper: SQL Injection Attacks by Example Scovetta, Michael V (Jan 05)
- RE: Paper: SQL Injection Attacks by Example Sergey Chernyshev (Jan 06)