Saurav Sarkar:
>Our application is free of any kind of SQL injection

Famous last words.  :)

>as we don't have any input fields.

So where does your data come from?
Does your application have any interface that an attacker
could access?

How do you create your SQL statements?
Are you always using bound parameters?

>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3414

This requires the attacker to control a collation name.

>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3415

This requires the attacker to control the CHECK clause in a CREATE
TABLE statement.

>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3416

This requires the attacker to control the format string of the print()
SQL function.


Regards,
Clemens
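
An added example, not part of Clemens's message: each of the three CVEs above needs attacker influence over something the application should keep fixed (a collation name, a CHECK clause, a format string), and this sketch shows bound parameters plus an identifier allowlist keeping input out of those places. The table, function names and allowlist are assumptions made for illustration, and the hostile string in the comments is constructed sample input.

```python
import sqlite3

# Assumed allowlist: SQLite's three built-in collations. A collation name is an
# identifier and cannot be bound, so it is checked before entering the SQL text.
ALLOWED_COLLATIONS = {"BINARY", "NOCASE", "RTRIM"}


def make_db():
    db = sqlite3.connect(":memory:")
    # The schema, CHECK clause included, is a fixed literal and never built from input.
    db.execute("CREATE TABLE users(name TEXT, age INTEGER CHECK (age >= 0))")
    db.executemany("INSERT INTO users VALUES (?, ?)", [("alice", 30), ("Bob", 41)])
    return db


def find_unsafe(db, name):
    # Concatenation: whatever is in `name` becomes part of the statement itself.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def find_bound(db, name):
    # Bound parameter: `name` is only ever compared as a value.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def sorted_names(db, collation):
    # Only an allowlisted collation name is ever placed into the SQL text.
    wanted = collation.upper()
    if wanted not in ALLOWED_COLLATIONS:
        raise ValueError("collation not allowed: %r" % collation)
    sql = "SELECT name FROM users ORDER BY name COLLATE " + wanted
    return [row[0] for row in db.execute(sql)]


def label(db, name):
    # The format string is a constant; only its argument comes from input.
    return db.execute("SELECT printf('user=%s', ?)", (name,)).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed sample input
    print("concatenated:", find_unsafe(db, hostile))
    print("bound:       ", find_bound(db, hostile))
    print("sorted:      ", sorted_names(db, "nocase"))
    print("label:       ", label(db, "%s%s"))
```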
