| Saturday May 18th 2013

SQL injection countermeasure failures


Cute article about sanitizing form input…

…found this next snippet in the authentication code for the project he’d been assigned to.

// The following string is an SQL comment, and could
// blank out the check for password in our SQL statement
// if used in the username!
if (username.indexOf("';--")!=-1) {
    throw new AuthorisationException(username
      +" given as login name contains ';--, this is bad for SQL!");
}

// Get the (hopefully single) id of the player with
// this name and password
ResultSet authorised = statement.executeQuery(
    "SELECT id FROM table_name_redacted WHERE "
    + "username='"+username
    +"' AND password='"+password+"';");

It’s a bit better, but doesn’t quite fool the hacker who uses the “‘; –” attack instead of “‘;–”.

Read more…

Related Posts: On this day...

Post Published: 13 September 2008
Found in category: exploit, vulnerabilities

Previous Topic:
Next Topic:

Leave a Reply

Latest Topics

FBI claims default use of HTTPS by Google and Facebook has made it difficult to wiretape FBI claims »

A government task force is preparing...

Apple’s iMessage encryption trips up feds’ surveillance Apple’s »

The fuss iMessage's encryption has created...

15 Dangerously Mad Projects for the Evil Genius 15 Dangerously »

A few months ago I had fun playing with...

Bing Translate »

...

Ron Paul wants to expropriate RonPaul.com from his supporters without compensation Ron Paul wants »

Earlier today, Ron Paul filed an...

Watch the »

Cyclists in Los Angeles effectively closed...

Understanding Lenses: The Book Understanding »

The wonderful photographer and writer NKG...

Televised »

A guy was purportedly recording a police...

Remixable »

Eirik Solheim is an amazing geek and CC...

Easiest excuse for taking freedom: security Easiest excuse »

Here, in concise and precise language, is...

iPhone case allows you to take photos with phone held horizontally iPhone case »

The MirrorCase for the iPhone lets you take...

Raspberry Pi purchase and setup guide for developers Raspberry Pi »

The following are the steps I took to get...

Cops Ask Congress for Your Text Messages Cops Ask »

Law enforcement authorities are asking...

StickNFind »

Ultra small Sticker with Bluetooth Low...

Facebook in talks to buy WhatsApp Facebook in »

Could Facebook be in the mood for purchasing...

Unlocked Quad Band Dual Sim Android OS Smartphone on Amazon Unlocked Quad »

A buddy just bought this Chinese "iPhone" on...

Why »

Remember the end of Planet of the Apes?...

Microsoft Surface reviews are out Microsoft »

AnandTech brought up a point I hadn't...

Vote for Mitt »

This is utterly convincing. You may remember...

New Orleans cancels plans for Super Bowl drone New Orleans »

Above, "The Bravo 300," a tactical drone...

Recent Comments

Mancho: FYI it is the perfect bod...

Corey: I actually think this ama...

Leidy: That's a creative answer ...

Categories

.edu 4chan apple best practices books codemonkey con cool copywrong crackberry drm sucks encryption exploit facebook twitter firefox freeish free open source software ftw google hax hot deals howto linux lulz malware micro$oft news obama offtopic photo/pics piracy politics privacy pwned riaa sucks ron paul security spam tsa sucks ugh vulnerabilities wtf xkcd youtube zombies!

RSS US CERT RSS Feed