21Sep/041
SQL Injection via SQL Parameters?
Possible SQL Injection via SQL Parameters?
Pick up “Writing Secure Code v.2″, They discuss how a SQL parameter can be used as an injection attack.
Mostly, the examples I’ve seen center around the “exec” statement, either embedded in the code or in an SProc.
sqlString = "exec sp_DoSomeStuff '" + inputFromUser + "'";
SqlCommand cmd = new SqlCommand(conn,sqlString)Ad
.NET HTTP Abstractions group
|
| Subscribe to .NET HTTP Abstractions |
| Visit this group |
Tags
agile projectManagement scrum
altdotnet
asp.net MVC
ASPNETMVC MVC WebDevelopment
browsers
C#
chrome
compiler
CrossPostedFromDevCentral
da
daptiv
designtime
diversity
firefox
fSharp
functionalprogramming
funny
herdingcode
herdingcode podcast
herdingcode podcast opensource microsoft
house
internetexplorer
iPhone
java
Javascript
javascript. podcast
linux ubuntu wubi
mattpodwysockirules
microsoft jquery podcast javascript
Mono
MonoTouch
noReallyItsAJoke
oop
our
podcast
podcast herdingcodce
podcast herdingcode silverlight
reflection
rocks
screencast
sql
tutorial
win7 windows microsoft gotcha
Wordpress bug workaround
work
O’Reilly Blogger Review Program
Books I’ve worked on
Contributors
Links
Herding Code Podcast
- Herding Code 133: Derick Bailey on Backbone.js 2/3/2012
- Herding Code 132: Phil Haack, Keith Dahlby and Paul Betts on Git for Windows developers 1/20/2012
- Herding Code 131: Chris Williams and Matthew Podwysocki on the Javascript community 1/4/2012
- Herding Code 130: Dave Weaver on Loggr – a realtime analytics service built with MVC, MongoDB and SignalR 1/2/2012
- Herding Code 129: Rob Reynolds on Chocolatey and the Chuck Norris Frameworks 12/13/2011
Pingback: SQL Injection via SQL Parameters Lazycoder | Paid Surveys