SQL Injection Vulnerability Pattern
From Guidance Share
Context
You have an application that accesses a database.
Problem
How do you discover data access code that is vulnerable to SQL injection, where untrusted input becomes part of a SQL statement and can lead to unauthorized code execution in the database?
Forces
- Lack of type-safe SQL parameters.
- Construction of SQL statements from untrusted input.
- Missing or weak input validation.
Solution
- Dynamic SQL concatenating unvalidated input
  // Vulnerable: the contents of the SSN form field are spliced straight into
  // the WHERE clause, so a quote in the input changes the statement itself.
  SqlDataAdapter myCommand = new SqlDataAdapter(
      "SELECT au_lname, au_fname FROM authors WHERE au_id = '" +
      SSN.Text + "'", myConnection);
- Stored procedure concatenating unvalidated input
  // Vulnerable: calling a stored procedure does not help when its argument is
  // still built by string concatenation rather than passed as a parameter.
  SqlDataAdapter myCommand = new SqlDataAdapter(
      "LoginStoredProcedure '" +
      SSN.Text + "'", myConnection);
- Validating input against a predefined list of bad SQL strings
  // Weak: a denylist only rejects the strings someone thought of in advance;
  // it is not a substitute for parameterized queries.
  private bool isUnSafe(string inputSQL, string[] badSQLStrings)
  {
      foreach (string badStr in badSQLStrings)
      {
          if (inputSQL.Contains(badStr))
              return true;
      }
      return false;
  }
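The Problem above asks how to discover these patterns in code. The following Python scanner is an added example, not code from Guidance Share: it applies the three rules listed under Solution to C# source text, flagging every `new SqlDataAdapter(...)` or `new SqlCommand(...)` whose command text is built with `+` or an interpolated `$"..."` string, and every method that takes a `string[]` and matches input with `.Contains(`. It runs over a constructed sample that reproduces the page's snippets and adds one parameterized `SqlCommand` (the usual remediation, using `SqlParameterCollection.Add`) that must not be flagged. The sample code, the variable names and the `Finding` type are assumptions made for this example. It is a textual heuristic, not data-flow analysis: concatenation done into a local variable that is later passed to the constructor is not seen.

```python
import re
from dataclasses import dataclass

# Constructed sample of C# data-access code for the scanner to run over. It is
# not from any real project: it reproduces the three patterns listed above and
# adds one parameterized SqlCommand that the scanner should leave alone.
SAMPLE_CS = r'''
SqlDataAdapter myCommand = new SqlDataAdapter(
    "SELECT au_lname, au_fname FROM authors WHERE au_id = '" +
    SSN.Text + "'", myConnection);

SqlDataAdapter loginCommand = new SqlDataAdapter(
    "LoginStoredProcedure '" +
    SSN.Text + "'", myConnection);

SqlCommand safeCommand = new SqlCommand(
    "SELECT au_lname, au_fname FROM authors WHERE au_id = @au_id", myConnection);
safeCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11).Value = SSN.Text;

private bool isUnSafe(string inputSQL, string[] badSQLStrings)
{
    foreach (string badStr in badSQLStrings)
    {
        if (inputSQL.Contains(badStr))
            return true;
    }
    return false;
}
'''


@dataclass
class Finding:
    line: int      # 1-based line of the construct in the scanned source
    kind: str      # "dynamic-sql" or "denylist-filter"
    detail: str


STRING_LITERAL = re.compile(r'@?"(?:\\.|[^"\\])*"')
CTOR = re.compile(r'new\s+(SqlDataAdapter|SqlCommand)\s*\(')
METHOD = re.compile(r'\b\w+\s+(\w+)\s*\(([^)]*)\)\s*\{')


def _balanced(src, start, open_ch, close_ch):
    """Return the text between the delimiter at src[start] and its match,
    skipping C# string literals so a ')' or '}' inside quotes is ignored."""
    depth, in_str, i = 0, False, start
    while i < len(src):
        c = src[i]
        if in_str:
            if c == '\\':
                i += 1            # skip the escaped character
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c == open_ch:
            depth += 1
        elif c == close_ch:
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
        i += 1
    return None


def _first_argument(args):
    """Return the first top-level argument: the command text expression."""
    depth, in_str, i = 0, False, 0
    while i < len(args):
        c = args[i]
        if in_str:
            if c == '\\':
                i += 1
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c in '([':
            depth += 1
        elif c in ')]':
            depth -= 1
        elif c == ',' and depth == 0:
            return args[:i]
        i += 1
    return args


def _is_concatenated(expr):
    """True when the command text is assembled from pieces: a '+' outside any
    string literal, or a '$' prefix marking an interpolated string."""
    code_only = STRING_LITERAL.sub('""', expr)
    return '+' in code_only or '$' in code_only


def scan_csharp(src):
    """Apply the page's three vulnerability patterns to C# source text."""
    findings = []
    for m in CTOR.finditer(src):
        args = _balanced(src, m.end() - 1, '(', ')')
        if args is not None and _is_concatenated(_first_argument(args)):
            findings.append(Finding(
                line=src.count('\n', 0, m.start()) + 1,
                kind='dynamic-sql',
                detail=f'{m.group(1)} command text built by concatenation'))
    for m in METHOD.finditer(src):
        if not re.search(r'string\s*\[\s*\]', m.group(2)):
            continue
        body = _balanced(src, m.end() - 1, '{', '}') or ''
        if '.Contains(' in body:
            findings.append(Finding(
                line=src.count('\n', 0, m.start()) + 1,
                kind='denylist-filter',
                detail=f'{m.group(1)} matches input against a bad-string list'))
    return sorted(findings, key=lambda f: f.line)


if __name__ == '__main__':
    for f in scan_csharp(SAMPLE_CS):
        print(f'line {f.line}: [{f.kind}] {f.detail}')
```

Run as a script it reports the two concatenated commands and the denylist method and stays silent on the parameterized command; point `scan_csharp` at the contents of real `.cs` files to triage a code base before a manual review.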
