> -------- Original Message --------
> Subject: RE: ProfoxTech Digest, Vol 39, Issue 93
> From: "Hal Kaplan" <[EMAIL PROTECTED]>
> Date: Thu, August 24, 2006 8:54 am
> To: "ProFox Email List" <[email protected]>
> 
> => -----Original Message-----
> => From: [EMAIL PROTECTED] 
> => [mailto:[EMAIL PROTECTED] On Behalf Of 
> => [EMAIL PROTECTED]
> => Sent: Thursday, August 24, 2006 11:31
> => To: ProFox Email List
> => Subject: RE: ProfoxTech Digest, Vol 39, Issue 93
> => 
> => 
> => Having a param could save your bacon.
> => 
> 
> Is that barbeque talk?  Speak English, man!

Yes it is, followed with get me a beer!

Just for grins how about this real life situation:

The hacker breaks into the system by injecting malformed SQL into the
query. This particular hack works 
because the executed query is formed by the concatenation of a fixed
string and values entered by the user, as shown here:

string strQry = "SELECT Count(*) FROM Users WHERE UserName='" +
    txtUser.Text + "' AND Password='" + txtPassword.Text + "'";

In the case of the user entering a valid user name of "Paul" and a
password of "password", strQry becomes:

SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'

But when the hacker enters

' Or 1=1 --

the query now becomes:

SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''

Because a pair of hyphens designates the beginning of a comment in SQL,
the query becomes simply:

SELECT Count(*) FROM Users WHERE UserName='' Or 1=1
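An added example, not the poster's C# code: the concatenated login query above rebuilt in Python against an in-memory SQLite table (constructed sample data, one user "Paul"/"password"), beside the parameterized form the thread is recommending. The vulnerable function reproduces the exact query text shown in the post; the parameterized one passes the same inputs as bound values so the quote and the `--` never reach the SQL parser as syntax.

```python
import sqlite3


def make_db():
    """Constructed sample data for the demonstration (not from the post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT, Password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('Paul', 'password')")
    conn.commit()
    return conn


def build_concat_query(user, password):
    """Mirrors the posted C# concatenation: user text becomes SQL syntax."""
    return ("SELECT Count(*) FROM Users WHERE UserName='" + user +
            "' AND Password='" + password + "'")


def login_concat(conn, user, password):
    """Vulnerable: runs the concatenated query and returns the row count."""
    return conn.execute(build_concat_query(user, password)).fetchone()[0]


def login_param(conn, user, password):
    """Hardened: same query with bound parameters. The driver sends the
    statement and the values separately, so a quote or -- in the input
    is compared as data against UserName, never parsed as SQL."""
    qry = "SELECT Count(*) FROM Users WHERE UserName=? AND Password=?"
    return conn.execute(qry, (user, password)).fetchone()[0]


if __name__ == "__main__":
    conn = make_db()
    attacker = "' Or 1=1 --"   # the username the post's hacker types
    print(build_concat_query(attacker, ""))
    print("concat, attacker:", login_concat(conn, attacker, ""))   # 1: logged in
    print("param,  attacker:", login_param(conn, attacker, ""))    # 0: rejected
    print("param,  Paul:    ", login_param(conn, "Paul", "password"))  # 1
```

The concatenated version returns 1 for the injected username with an empty password, which is exactly the "logged in without credentials" outcome the post describes; the parameterized version returns 0 for the same input and 1 only for the real username and password.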
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.