SQL injection 1
Structured Query Language ('SQL') is a textual language used to interact with relational databases.
SQL injection occurs when an attacker is able to insert SQL statements into a query by changing
the data input into an application. The input is usually a text field such as a search box or a comments box.
For example, in the query "SELECT FIRST_NM, LAST_NM, DT_OF_BIRTH FROM EMPLOYEE_DTL WHERE FIRST_NM = '" + firstName + "' ", firstName is
the user input field. The query searches the EMPLOYEE_DTL table on first name.
This query is intended to give a result like this
Now, to change this query's behaviour, a user can add a string like
' UNION SELECT ''||LOGIN_ID AS FIRST_NM, LOGIN_PWD AS LAST_NM, SYSDATE FROM USER_DTL WHERE 'a' = 'a.
Now if the application actually has a USER_DTL table, it will display all user ids and passwords from the database.
The query ends up printing all sensitive data
And this is not limited to printing data. An attacker can even run drop table commands on the database. On some databases the following is valid syntax.
It will execute multiple queries in one statement.
FIRST_NAME = ''; drop table USER_DTL--
Vulnerable.jsp used in this example:
<%@ page import="java.sql.*" %>
<html>
<body>
<%
    Connection con = null;
    Statement stmt = null;
    ResultSet rs = null;
    // Raw request parameter, taken from the search form below
    String firstName = request.getParameter("firstName");
    Class.forName("org.hsqldb.jdbcDriver");
    con = DriverManager.getConnection("jdbc:hsqldb:hsql://localhost/trupti_db", "SA", "");
    stmt = con.createStatement();
    if(firstName != null)
    {
        // Vulnerable on purpose: firstName is concatenated straight into the SQL text
        rs = stmt.executeQuery("SELECT FIRST_NM, LAST_NM, DT_OF_BIRTH FROM "+
            "EMPLOYEE_DTL WHERE FIRST_NM = '"+firstName+"'");
        out.print("<table border='1' bgcolor='#EFEFEF'>");
        out.print("<tr>");
        out.print("<td><b>FIRST_NM</b></td>");
        out.print("<td><b>LAST_NM</b></td>");
        out.print("<td><b>DT_OF_BIRTH</b></td>");
        out.print("</tr>");
        // One table row per record returned by the query
        while(rs.next())
        {
            out.print("<tr>");
            out.print("<td>"+rs.getString("FIRST_NM")+"</td>");
            out.print("<td>"+rs.getString("LAST_NM")+"</td>");
            out.print("<td>"+rs.getString("DT_OF_BIRTH")+"</td>");
            out.print("</tr>");
        }
        out.print("</table>");
    }
    if(rs!=null)rs.close();
    if(stmt!=null)stmt.close();
    if(con!=null)con.close();
%>
<form name='frm' method='post' >
    <input type='text' name='firstName' value='' />
    <input type='submit' name='submit' value='Search' />
</form>
</body>
</html>
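The same lookup written with a bound parameter, as an added example that is not part of the original article: the two input strings shown above are compared against FIRST_NM as literal text, so they match no rows and USER_DTL is untouched. The class name SafeEmployeeSearch, the in-memory HSQLDB 2.x URL and the sample rows are assumptions made for the demo; the HSQLDB jar must be on the classpath.

```java
import java.sql.*;

public class SafeEmployeeSearch {
    // Same query as Vulnerable.jsp, but the user value is a bound parameter (?)
    static final String QUERY =
        "SELECT FIRST_NM, LAST_NM, DT_OF_BIRTH FROM EMPLOYEE_DTL WHERE FIRST_NM = ?";

    // Returns the number of matching rows; firstName is sent as data, never parsed as SQL.
    static int search(Connection con, String firstName) throws SQLException {
        int rows = 0;
        try (PreparedStatement ps = con.prepareStatement(QUERY)) {
            ps.setString(1, firstName);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) rows++;
            }
        }
        return rows;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: in-memory HSQLDB 2.x; tables and rows below are constructed sample data.
        try (Connection con = DriverManager.getConnection("jdbc:hsqldb:mem:demo", "SA", "");
             Statement st = con.createStatement()) {
            st.execute("CREATE TABLE EMPLOYEE_DTL (FIRST_NM VARCHAR(50), "
                + "LAST_NM VARCHAR(50), DT_OF_BIRTH DATE)");
            st.execute("CREATE TABLE USER_DTL (LOGIN_ID VARCHAR(50), LOGIN_PWD VARCHAR(50))");
            st.execute("INSERT INTO EMPLOYEE_DTL VALUES ('Asha', 'Rao', DATE '1980-01-15')");
            st.execute("INSERT INTO USER_DTL VALUES ('demo_user', 'demo_pwd')");
            String[] inputs = {
                "Asha",  // ordinary search term
                // The two strings shown in the article, passed as plain input:
                "' UNION SELECT ''||LOGIN_ID AS FIRST_NM, LOGIN_PWD AS LAST_NM, SYSDATE "
                    + "FROM USER_DTL WHERE 'a' = 'a",
                "'; drop table USER_DTL--"
            };
            for (String in : inputs) {
                System.out.println("input [" + in + "] -> rows: " + search(con, in));
            }
            // USER_DTL still exists and still holds its one row.
            try (ResultSet rs = st.executeQuery("SELECT COUNT(*) FROM USER_DTL")) {
                rs.next();
                System.out.println("USER_DTL rows: " + rs.getInt(1));
            }
        }
    }
}
```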