SQL injection 1
Structured Query Language (SQL) is a textual language used to interact with relational databases.
SQL injection occurs when an attacker is able to insert SQL statements into a query by changing the
data input into an application. The data input is usually a text field, such as a search box or a comments box.
For example, in the query "SELECT FIRST_NM, LAST_NM, DT_OF_BIRTH FROM EMPLOYEE_DTL WHERE FIRST_NM = '" + firstName + "' ", firstName is
the user input field. The query searches the EMPLOYEE_DTL table by first name.
This query is intended to return only the matching employee rows.
Now, to change the behaviour of this query, a user can enter a string like
' UNION SELECT ''||LOGIN_ID AS FIRST_NM, LOGIN_PWD AS LAST_NM, SYSDATE FROM USER_DTL WHERE 'a' = 'a
If the application actually has a USER_DTL table, the page will display every login id and password from the database,
so it ends up printing all of that sensitive data.
And this is not limited to printing data. An attacker can even run DROP TABLE commands against the database. On some databases the following is valid syntax
and executes multiple queries in one statement:
FIRST_NM = ''; drop table USER_DTL--
Vulnerable.jsp used in this example:
<%@ page import="java.sql.*" %>
<html>
<body>
<%
    Connection con = null;
    Statement stmt = null;
    ResultSet rs = null;
    // Raw request parameter: nothing validates or escapes it.
    String firstName = request.getParameter("firstName");
    Class.forName("org.hsqldb.jdbcDriver");
    con = DriverManager.getConnection("jdbc:hsqldb:hsql://localhost/trupti_db", "SA", "");
    stmt = con.createStatement();
    if (firstName != null)
    {
        // Vulnerable: the parameter is concatenated straight into the SQL text,
        // so the quotes and keywords shown above become part of the query.
        rs = stmt.executeQuery("SELECT FIRST_NM, LAST_NM, DT_OF_BIRTH FROM " +
                               "EMPLOYEE_DTL WHERE FIRST_NM = '" + firstName + "'");
        out.print("<table border='1' bgcolor='#EFEFEF'>");
        out.print("<tr>");
        out.print("<td><b>FIRST_NM</b></td>");
        out.print("<td><b>LAST_NM</b></td>");
        out.print("<td><b>DT_OF_BIRTH</b></td>");
        out.print("</tr>");
        // Every row the query returns is rendered, including rows an injected UNION adds.
        while (rs.next())
        {
            out.print("<tr>");
            out.print("<td>" + rs.getString("FIRST_NM") + "</td>");
            out.print("<td>" + rs.getString("LAST_NM") + "</td>");
            out.print("<td>" + rs.getString("DT_OF_BIRTH") + "</td>");
            out.print("</tr>");
        }
        out.print("</table>");
    }
    if (rs != null) rs.close();
    if (stmt != null) stmt.close();
    if (con != null) con.close();
%>
<form name='frm' method='post'>
    <input type='text' name='firstName' value='' />
    <input type='submit' name='submit' value='Search' />
</form>
</body>
</html>
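The same search rewritten with a PreparedStatement, shown beside the page's concatenation so the two can be run on the same input. This is an added example, not code from the original page; it assumes the HSQLDB driver jar is on the classpath, builds an in-memory database with constructed rows, and uses the page's UNION input with SYSDATE replaced by the standard CURRENT_DATE so HSQLDB's in-memory mode accepts it.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

public class SafeEmployeeSearch {
    // Hardened replacement for Vulnerable.jsp: the first name is bound as a parameter, so quotes stay data.
    static List<String> searchByFirstName(Connection con, String firstName) throws SQLException {
        String sql = "SELECT FIRST_NM, LAST_NM, DT_OF_BIRTH FROM EMPLOYEE_DTL WHERE FIRST_NM = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, firstName);
            try (ResultSet rs = ps.executeQuery()) { return collect(rs); }
        }
    }

    // The page's original string concatenation, kept only to contrast the two on the same input.
    static List<String> vulnerableSearch(Connection con, String firstName) throws SQLException {
        String sql = "SELECT FIRST_NM, LAST_NM, DT_OF_BIRTH FROM EMPLOYEE_DTL WHERE FIRST_NM = '" + firstName + "'";
        try (Statement st = con.createStatement(); ResultSet rs = st.executeQuery(sql)) { return collect(rs); }
    }

    static List<String> collect(ResultSet rs) throws SQLException {
        List<String> rows = new ArrayList<>();
        while (rs.next()) {
            rows.add(rs.getString("FIRST_NM") + "/" + rs.getString("LAST_NM") + "/" + rs.getString("DT_OF_BIRTH"));
        }
        return rows;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: hsqldb.jar on the classpath; every table and row below is constructed sample data.
        try (Connection con = DriverManager.getConnection("jdbc:hsqldb:mem:demo", "SA", "");
             Statement st = con.createStatement()) {
            st.execute("CREATE TABLE EMPLOYEE_DTL (FIRST_NM VARCHAR(50), LAST_NM VARCHAR(50), DT_OF_BIRTH DATE)");
            st.execute("CREATE TABLE USER_DTL (LOGIN_ID VARCHAR(50), LOGIN_PWD VARCHAR(50))");
            st.execute("INSERT INTO EMPLOYEE_DTL VALUES ('Trupti', 'Patel', DATE '1980-01-01')");
            st.execute("INSERT INTO USER_DTL VALUES ('admin', 'hunter2')");
            // The page's UNION input, with SYSDATE swapped for CURRENT_DATE so HSQLDB accepts it.
            String input = "' UNION SELECT ''||LOGIN_ID AS FIRST_NM, LOGIN_PWD AS LAST_NM, CURRENT_DATE"
                         + " FROM USER_DTL WHERE 'a' = 'a";
            System.out.println("concatenated: " + vulnerableSearch(con, input));   // injected UNION executes
            System.out.println("prepared:     " + searchByFirstName(con, input));  // whole input is one literal
            System.out.println("prepared:     " + searchByFirstName(con, "Trupti")); // normal lookup still works
        }
    }
}
```

Compile and run with `javac SafeEmployeeSearch.java && java -cp .:hsqldb.jar SafeEmployeeSearch`; only the first line should contain the USER_DTL row.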