
Question: What is SQL Injection and How to Fix It?



asked Sep 13, 2013 in Java Interview Questions by anonymous
edited Sep 12, 2013

2 Answers

Example of a SQL Injection Attack
 
Here is a sample basic HTML form with two inputs, login and password.
 
(The form posts to http://testasp.vulnweb.com/login.asp; the form markup itself did not survive extraction.)
The easiest way for the login.asp to work is by building a database query that looks like this:
 
SELECT id
FROM logins
WHERE username = '$username'
AND password = '$password'
 
If the variables $username and $password are requested directly from the user's input, this can easily be compromised. Suppose that we gave "Joe" as a username and that the following string was provided as a password: anything' OR 'x'='x
 
SELECT id
FROM logins
WHERE username = 'Joe'
AND password = 'anything' OR 'x'='x'
 
As the inputs of the web application are not properly sanitised, the use of the single quotes has turned the WHERE SQL command into a two-component clause.
 
The 'x'='x' part guarantees to be true regardless of what the first part contains.
 
This will allow the attacker to bypass the login form without actually knowing a valid username / password combination!
answered Sep 13, 2013 by rajesh
edited Sep 12, 2013
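The answer shows the attack but not the fix the question asks for. The following is an added example (not from the answer or the vulnweb site) that puts the string-concatenated login query beside a parameterised one, using a constructed in-memory SQLite table in place of the page's logins table; table and row contents are assumptions made up for the demo.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the "logins" table used in the answer.
    # Real applications store a password hash, not the password; the
    # plain-text column here just mirrors the answer's query.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE logins (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO logins (username, password) VALUES ('Joe', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The login.asp pattern from the answer: input pasted into the SQL text.

    The single quotes in the input become SQL syntax, so the password
    anything' OR 'x'='x  rewrites the WHERE clause into
    (username = 'Joe' AND password = 'anything') OR 'x'='x', which is always
    true and returns the first row of the table.
    """
    sql = (
        "SELECT id FROM logins WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """The fix: a parameterised query.

    The SQL text contains only placeholders; the driver sends the values
    separately, so quotes inside them are data and can never alter the
    query's structure.
    """
    sql = "SELECT id FROM logins WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "anything' OR 'x'='x"
    print("vulnerable:", login_vulnerable(db, "Joe", payload))  # 1: bypassed
    print("fixed:     ", login_fixed(db, "Joe", payload))       # None: rejected
```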

...