by Bryian Tan
Forms input
SQL Injection
We can bypass the login page simply by entering ' or 1=1 -- as the login id (the variant ') or 1=1 is for queries that wrap the condition in parentheses) and any value at all in the password field. The injected quote closes the string literal, or 1=1 makes the WHERE clause true for every row, and the two hyphens comment out the password check that follows. See the example below.
Figure 15
If no maximum length is defined on the TextBox, the attacker can append an entire SQL statement, such as the one in Listing 27, to the form input's value. Suppose we have a page that updates a comment, and we submit the comment with the value shown in Listing 27. After the update we should see a new entry in the tbl_SQLInjection table. The CAST turns the hex literal back into the T-SQL text IF OBJECT_ID('tbl_SQLInjection','U') IS NULL CREATE TABLE dbo.[tbl_SQLInjection]([Output] [varchar](500) NULL) INSERT INTO dbo.tbl_SQLInjection SELECT 'page - Subject to SQL Injection', which EXEC(@s) then runs: the table is created if it does not exist and one row is inserted. The hex encoding exists only to slip the CREATE and INSERT keywords past naive input filters. Note also that a MaxLength on the TextBox is enforced by the browser, not the server, and does not apply to a multi-line TextBox at all, so length limits are no defence on their own; the query must be parameterized.
Listing 27
'; DECLARE @S VARCHAR(500) SET @s=CAST(0x4946204f424a4543545f4944282774626c5f53514c496e6a656374696f6e272c27552729204953204e554c4c20435245415445205441424c452064626f2e5b74626c5f53514c496e6a656374696f6e5d285b4f75747075745d205b766172636861725d2835303029204e554c4c2920494e5345525420494e544f2064626f2e74626c5f53514c496e6a656374696f6e2053454c454354202770616765202d205375626a65637420746f2053514c20496e6a656374696f6e27 as VARCHAR(500))Exec(@s)--
Next, I'll demonstrate a simple way an attacker can overwrite a column in every row of the table with the same value. Let's update the Name value with
hacked ';--
Figure 16
Retrieve all the rows from the MyComments table and you will see that every value in the Name column has been updated to "hacked". As mentioned earlier, two consecutive hyphens "--" start an SQL comment, so everything after them, including the WHERE clause that should have restricted the update to a single row, is ignored by SQL Server. Please make sure to back up the database before replicating this demonstration.
Figure 17
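The three injections above (the login bypass with ' or 1=1 --, the hex-encoded payload of Listing 27, and the row-wide update with hacked ';--) replayed against an in-memory SQLite database, as an added example that is not the article's code and does not use its TestDBSetup.sql. The Users and MyComments tables, their columns and their rows are constructed here as an assumed stand-in for the article's schema; SQLite stands in for SQL Server, so the CAST/EXEC payload, which is T-SQL only, is decoded rather than executed. Each vulnerable query is shown beside its parameterized form so the difference in outcome can be checked.

```python
"""Replaying the page's injections against SQLite (added example, not the
article's code). Tables, columns and rows below are constructed assumptions;
LISTING_27_HEX is the hex literal from Listing 27 copied verbatim."""
import sqlite3

# Constructed sample schema and rows (assumption: loosely mirrors the article's tables).
SETUP_SQL = """
CREATE TABLE Users (LoginId TEXT NOT NULL, Password TEXT NOT NULL);
INSERT INTO Users VALUES ('admin', 'S3cret!'), ('bob', 'hunter2');
CREATE TABLE MyComments (ID INTEGER PRIMARY KEY, Name TEXT, Comment TEXT);
INSERT INTO MyComments (Name, Comment)
    VALUES ('alice', 'first'), ('bob', 'second'), ('carol', 'third');
"""

# The hex literal from Listing 27 (the page splits it over several lines).
LISTING_27_HEX = (
    "4946204f424a4543545f4944282774626c5f53514c496e6a656374696f6e272c27552729204"
    "953204e554c4c20435245415445205441424c452064626f2e5b74626c5f53514c496e6a656374696f6"
    "e5d285b4f75747075745d205b766172636861725d2835303029204e554c4c2920494e5345525420494"
    "e544f2064626f2e74626c5f53514c496e6a656374696f6e2053454c454354202770616765202d20537"
    "5626a65637420746f2053514c20496e6a656374696f6e27"
)


def new_db():
    """Fresh in-memory database so each demonstration starts from clean rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP_SQL)
    return conn


def login_vulnerable(conn, login_id, password):
    """Login check built by string concatenation: ' or 1=1 -- turns the WHERE
    clause into LoginId = '' or 1=1 and comments out the password test."""
    sql = ("SELECT LoginId FROM Users WHERE LoginId = '" + login_id
           + "' AND Password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, login_id, password):
    """Same check with bound parameters: the payload is compared as data."""
    sql = "SELECT LoginId FROM Users WHERE LoginId = ? AND Password = ?"
    return conn.execute(sql, (login_id, password)).fetchone() is not None


def update_name_vulnerable(conn, comment_id, name):
    """The Figure 16 case: hacked ';-- closes the literal, ends the statement
    and comments out WHERE ID = ..., so every row is rewritten.
    Returns the number of rows changed."""
    sql = ("UPDATE MyComments SET Name = '" + name
           + "' WHERE ID = " + str(comment_id))
    return conn.execute(sql).rowcount


def update_name_safe(conn, comment_id, name):
    """Parameterized update: only the addressed row changes, and its Name
    becomes the literal string hacked ';--."""
    sql = "UPDATE MyComments SET Name = ? WHERE ID = ?"
    return conn.execute(sql, (name, comment_id)).rowcount


def names(conn):
    """Current Name column in ID order, to inspect the effect of an update."""
    return [row[0] for row in conn.execute("SELECT Name FROM MyComments ORDER BY ID")]


def decode_hex_payload(hex_literal):
    """What SQL Server's CAST(0x... AS VARCHAR(500)) yields before EXEC(@s)
    runs it; the hex only hides the statement from naive keyword filters."""
    return bytes.fromhex(hex_literal).decode("ascii")


if __name__ == "__main__":
    db = new_db()
    print("bypass, string-built query  :", login_vulnerable(db, "' or 1=1 --", "x"))
    print("bypass, parameterized query :", login_safe(db, "' or 1=1 --", "x"))
    print("rows changed by hacked ';-- :", update_name_vulnerable(db, 1, "hacked ';--"), names(db))
    db = new_db()
    print("rows changed, parameterized :", update_name_safe(db, 1, "hacked ';--"), names(db))
    print("Listing 27 decodes to       :", decode_hex_payload(LISTING_27_HEX))
```

Python's sqlite3 refuses a second statement in execute(), so the stacked '; DECLARE ... EXEC(@s)-- form cannot be replayed here the way SQL Server would run it; the two payloads that are replayed need no second statement, which is exactly why a single string-built query is enough to lose the whole table.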
User Comments
Title:
SQL Injection and Cross-Site Scripting
Name:
DINESH
Date:
2011-01-18 6:25:25 AM
Comment:
The best SQL Server Site Scripting
|
Title:
avrail
Name:
Refat Eid
Date:
2010-09-19 3:02:00 AM
Comment:
Where can I find the TestDBSetup.sql?
|
Title:
Really Good
Name:
Ankit Shivankar
Date:
2010-09-15 1:04:32 AM
Comment:
It's really good... and easy to understand.
Dear Bryian, I'm facing some problems in my personal project. Can you help me? If you can, then please contact me at my mail id, which is shiva.ankit@gmail.com.
|
Title:
Download Link
Name:
Bryian Tan
Date:
2010-09-14 8:21:24 PM
Comment:
Hello,
Sorry, I think I forgot to include the download link. Anyway, please download the sample code from here: http://download.ysatech.com/SQL-Injection-and-Cross-Site-Scripting/Sample_SQLInjection_XSS.zip
|
Title:
Gustavo
Name:
Fernandez
Date:
2010-09-14 3:19:45 PM
Comment:
Where is the link to download the code sample (TestDBSetup.sql)?
|
Title:
Senior programmer/analyst
Name:
Greg Hilsheimer
Date:
2010-09-14 2:16:39 PM
Comment:
Where is the link to download the code?
|