Can you see the security vulnerability in the following snippet of code?
string returnValue = String.Empty;
string sql =
"select description from products where prodID = '"
+ Request.Params["pid"] + "';";
SqlCommand sqlcmd = new SqlCommand(sql);
sqlcmd.Connection = sqlConn;
SqlDataReader sdr = cmd.ExecuteReader();
if (sdr.Read())
{
returnValue = (string)sdr[0];
}
sdr.Close();
return returnValue;
I'd shoot anyone who deployed code like that!
ReplyDeleteI would stand still while being shot if I produced code like that...
ReplyDeleteSomeone is obviously unfamiliar with the using operator.
ReplyDeleteAssuming your question wasn't rhetorical, yes. It's a textbook example of a SQL injection vulnerability.
0h i feel lucky can find this good article..
ReplyDeletenow i find something that i want to know, thank you..
i would send a request with pid :
ReplyDeletenothing' union select 'dead man' as description; DROP TABLE products; --