THE SQL Server Blog Spot on the Web


Denis Gobo

SQL Injection Cheat Sheet

What is SQL injection? From Wikipedia: "SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed."

Here is a nice SQL injection cheat sheet. It currently covers MySQL and Microsoft SQL Server, with some Oracle and some PostgreSQL material.
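Before the table of contents, an added example (not from this post, and not from the cheat sheet it links to) that shows the two failure modes in the definition above side by side with the parameterized form: a string literal ended early by an unescaped quote, and a numeric value that is spliced in unquoted, where no quote is needed at all. It uses Python's sqlite3 with an in-memory users table so it runs offline; the table, rows, function names and payloads are all constructed for the example, and the same payloads behave the same way on SQL Server apart from engine-specific comment and string syntax.

```python
import sqlite3

# Constructed sample data (not from the post): an in-memory SQLite table
# standing in for an application's users table. sqlite3 is used so the
# example runs offline; the payloads below work the same way against
# SQL Server, only comment syntax and string functions differ by engine.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    return con

# Vulnerable form 1: input is spliced into a string literal. A quote in the
# input ends the literal early and everything after it is parsed as SQL.
def login_concat(con, name, password):
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return [row[0] for row in con.execute(sql)]

# Vulnerable form 2: the "not strongly typed" case. The id is spliced in
# unquoted, so no quote character is needed and quote escaping would not
# help; only rejecting non-integers does.
def find_by_id_concat(con, id_text):
    sql = "SELECT name FROM users WHERE id = %s" % id_text
    return [row[0] for row in con.execute(sql)]

# Hardened: the statement text is fixed and the values travel as
# parameters, so input is always data and never SQL. The id is converted
# to int first, so "2 OR 1=1" raises ValueError instead of executing.
def login_param(con, name, password):
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in con.execute(sql, (name, password))]

def find_by_id_param(con, id_text):
    sql = "SELECT name FROM users WHERE id = ?"
    return [row[0] for row in con.execute(sql, (int(id_text),))]

if __name__ == "__main__":
    con = make_db()
    # Line-comment payload: closes the literal, comments out the password check.
    print(login_concat(con, "alice' --", "wrong"))          # ['alice']
    # Tautology payload: returns every row.
    print(login_concat(con, "' OR '1'='1", "' OR '1'='1"))  # ['alice', 'bob']
    print(find_by_id_concat(con, "2 OR 1=1"))               # ['alice', 'bob']
    print(login_param(con, "alice' --", "wrong"))           # []
```

The second vulnerable form is the one people miss when they rely on quote doubling: `2 OR 1=1` contains no quote, so an escaping routine passes it through unchanged, while `int()` plus a parameter rejects it outright.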

Table Of Contents
 About SQL Injection Cheat Sheet
 Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks

Line Comments
 SQL Injection Attack Samples

Inline Comments
 Classical Inline Comment SQL Injection Attack Samples
 MySQL Version Detection Sample Attacks

Stacking Queries
 Language / Database Stacked Query Support Table
 About MySQL and PHP
 Stacked SQL Injection Attack Samples

If Statements
 MySQL If Statement
 SQL Server If Statement
 If Statement SQL Injection Attack Samples

Using Integers

String Operations
 String Concatenation

Strings without Quotes
 Hex based SQL Injection Samples

String Modification & Related

Union Injections
 UNION – Fixing Language Issues

Bypassing Login Screens

Enabling xp_cmdshell in SQL Server 2005

Other parts are not so well formatted, but check them out yourself: drafts, notes and other material are further down the page.

Published Wednesday, September 19, 2007 11:33 AM by Denis Gobo



KOK said:

Such A Nice Article

August 20, 2008 9:16 AM

Brent Jenkins said:

I have a situation where I must use embedded SQL only.

That means NO stored procedures, parameterized queries, etc. are allowed - period.

In other words, my hands are tied!

Anyhow, I wrote this routine to prevent SQL injection.

I think this routine is bulletproof.

Can anybody break it?

Function getSafeValue(ByVal userInput As String) As String
    ' Trim whitespace, then double every single quote so an embedded '
    ' cannot close the string literal the value is wrapped in below.
    userInput = Trim(userInput)
    userInput = userInput.Replace("'", "''")
    ' Double quotes are also turned into two single quotes.
    userInput = userInput.Replace("""", "''")
    ' Empty input becomes an unquoted NULL; anything else is returned as a
    ' single-quoted literal ready to be concatenated into the statement.
    Return IIf(userInput = "", "NULL", "'" & userInput & "'")
End Function

September 22, 2008 5:18 PM
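The routine from the comment above, ported to Python as an added example: this port is the editor's, not the commenter's code, and takes nothing from the post beyond the trim, the two replacements and the NULL rule. It checks what the routine does to a few inputs, runs it first-order against a constructed SQLite users table, where the classic quote payloads are neutralized, and then shows the second-order case that any escape-at-the-edge scheme has to account for: a value that went in escaped comes back out of the database with its real quote and is spliced into a later statement without being escaped again. The table, rows, function names and payloads are constructed for the example.

```python
import sqlite3

# Python port of the getSafeValue routine posted in the comment above.
# This port is an added example, not the commenter's own code.
def get_safe_value(user_input):
    value = user_input.strip()
    value = value.replace("'", "''")   # double single quotes
    value = value.replace('"', "''")   # the routine maps " to '' as well
    return "NULL" if value == "" else "'" + value + "'"

# Constructed sample data (not from the post): an in-memory SQLite table
# standing in for the application's users table.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return con

# First-order use: every external value passes through get_safe_value()
# at the point where it is concatenated into the statement.
def register(con, name, password):
    con.execute("INSERT INTO users (name, password) VALUES (%s, %s)"
                % (get_safe_value(name), get_safe_value(password)))

def login(con, name, password):
    sql = ("SELECT name FROM users WHERE name = %s AND password = %s"
           % (get_safe_value(name), get_safe_value(password)))
    return [row[0] for row in con.execute(sql)]

# Checker helper (parameterized, used only to read results back).
def password_of(con, name):
    row = con.execute("SELECT password FROM users WHERE name = ?",
                      (name,)).fetchone()
    return row[0] if row else None

# Second-order use: the name is read back from the database and spliced
# into a new statement without going through get_safe_value() again, on
# the assumption that a value from our own table is safe. The doubled
# quote was undone by the SQL parser on INSERT, so the stored value holds
# a real quote that ends the literal here and the rest becomes SQL.
def reset_password_unsafe(con, name, new_password):
    stored = con.execute("SELECT name FROM users WHERE name = %s"
                         % get_safe_value(name)).fetchone()
    if stored is None:
        return 0
    sql = ("UPDATE users SET password = %s WHERE name = '%s'"
           % (get_safe_value(new_password), stored[0]))
    return con.execute(sql).rowcount

# Same operation with the stored value escaped again at this embedding:
# the routine only holds if it is applied at every concatenation point.
def reset_password_escaped(con, name, new_password):
    stored = con.execute("SELECT name FROM users WHERE name = %s"
                         % get_safe_value(name)).fetchone()
    if stored is None:
        return 0
    sql = ("UPDATE users SET password = %s WHERE name = %s"
           % (get_safe_value(new_password), get_safe_value(stored[0])))
    return con.execute(sql).rowcount

if __name__ == "__main__":
    con = make_db()
    register(con, "alice' --", "x")        # stored as: alice' --
    print(login(con, "' OR '1'='1", "y"))  # [] : first-order payload neutralized
    reset_password_unsafe(con, "alice' --", "pwned")
    print(password_of(con, "alice"))       # pwned : alice's row was updated
```

Two things worth noticing in the output: the first-order payloads do not get past the routine, and the second-order reset rewrites alice's password because the stored name `alice' --` is concatenated raw. Separately, the `"` to `''` replacement changes the data: `say "hi"` is stored as `say 'hi'`, which a caller may not expect.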

About Denis Gobo

I was born in Croatia in 1970, when I was one I moved to Amsterdam (and yes Ajax is THE team in Holland) and finally in 1993 I came to the US. I have lived in New York City for a bunch of years and currently live in Princeton, New Jersey with my wife and 3 kids. I work for Dow Jones as a Database architect in the indexes department, one drawback: since our data goes back all the way to May 1896 I cannot use smalldates ;-( I have been working with SQL server since version 6.5 and compared to all the other bloggers here I am a n00b. Some of you might know me from or even from some of the newsgroups where I go by the name Denis the SQL Menace If you are a Tek-Tips user then you might know me by the name SQLDenis, I am one of the guys answering SQL Questions in the SQL Programming forum.
