Friday, 23 March 2018

SQL Injection Based on Batched SQL Statements

Most databases support batched SQL statement.
A batch of SQL statements is a group of two or more SQL statements, separated by semicolons.
The SQL statement below will return all rows from the "Users" table, then delete the "Suppliers" table.

Example

SELECT * FROM Users; DROP TABLE Suppliers
Look at the following example:

Example

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
And the following input:
User id: 
The valid SQL statement would look like this:

Result

SELECT * FROM Users WHERE UserId = 105DROP TABLE Suppliers;
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

SQL Server Services and Tools

  Microsoft provides both data management and business intelligence (BI) tools and services together with SQL Server. For data management, S...