Wednesday, April 29, 2009

Security Vulnerability

Can you see the security vulnerability in the following snippet of code?

    string returnValue = String.Empty;
    string sql =
        "select description from products where prodID = '"
        + Request.Params["pid"] + "';";
    SqlCommand sqlcmd = new SqlCommand(sql);
    sqlcmd.Connection = sqlConn;
    SqlDataReader sdr = cmd.ExecuteReader();
    if (sdr.Read())
    {
        returnValue = (string)sdr[0];
    }
    sdr.Close();
    return returnValue;

Posted by at
Labels:

5 comments:

  1. Rob MandersonApril 29, 2009 at 12:52 PM

    I'd shoot anyone who deployed code like that!

    ReplyDelete
  2. guy ellisApril 29, 2009 at 1:56 PM

    I would stand still while being shot if I produced code like that...

    ReplyDelete
  3. Bill BrownMay 4, 2009 at 11:06 AM

    Someone is obviously unfamiliar with the using operator.
    Assuming your question wasn't rhetorical, yes. It's a textbook example of a SQL injection vulnerability.

    ReplyDelete
  4. friendster graphicsMay 7, 2009 at 12:07 AM

    0h i feel lucky can find this good article..
    now i find something that i want to know, thank you..

    ReplyDelete
  5. CodeSeekerMay 7, 2009 at 7:34 AM

    i would send a request with pid :
    nothing' union select 'dead man' as description; DROP TABLE products; --

    ReplyDelete

Subscribe to: Post Comments (Atom)