
How could you prevent SQL injection and data compromise from an attacker?

A web application implements a SQL operation in the following way (pseudocode): The application uses an MSSQL database running on a different machine from the web server. The database has one user (the built-in administrator account is not used).

Asked by Searchlab, Last updated: Feb 01, 2024


1 Answer

John Smith


Answered Apr 20, 2017

Item=1 UNION SELECT 1,2,name FROM master..sysobjects WHERE xtype= U
User=1 UNION SELECT 1,2,name FROM master..sysdatabases
User=1 or 1=1--

a] This gives the attacker a list of table names.
b] This does not give any extra information, since 1 or 1=1 will be quoted.
c] This gives an attacker a list of databases.
d] This dumps the contents of the items table.
e] This does not give the attacker extra information directly, but the delay indicates a vulnerability; this query is useful for blind SQL injection.
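Added example, not part of the original question or answer (the question's pseudocode is not reproduced on this page): a lookup built by string concatenation next to the same lookup with input validation and a bound parameter, both fed the `1 or 1=1--` value quoted in the answer. Assumptions: in-memory SQLite stands in for the MSSQL server, and the `items` table, its columns and all function names are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data; SQLite stands in for the page's MSSQL server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany(
        "INSERT INTO items (id, name, price) VALUES (?, ?, ?)",
        [(1, "widget", 9.5), (2, "gadget", 20.0), (3, "gizmo", 5.25)],
    )
    return conn


def lookup_concatenated(conn, item):
    # 'Before' form: the request parameter becomes part of the SQL text,
    # so anything after the number is parsed as SQL.
    sql = "SELECT id, name, price FROM items WHERE id = " + item
    return conn.execute(sql).fetchall()


def parse_item_id(item):
    # Allow-list validation: ASCII digits only, bounded length.
    if not re.fullmatch(r"[0-9]{1,9}", item):
        raise ValueError("item id must be a non-negative integer")
    return int(item)


def lookup_parameterized(conn, item, validate=True):
    # Hardened form: the SQL text is constant and the value is bound,
    # so the driver passes it as data and never parses it as SQL.
    value = parse_item_id(item) if validate else item
    return conn.execute(
        "SELECT id, name, price FROM items WHERE id = ?", (value,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    tampered = "1 or 1=1--"  # value quoted in the answer above
    print("concatenated:", lookup_concatenated(db, tampered))
    print("bound, unvalidated:", lookup_parameterized(db, tampered, validate=False))
    try:
        lookup_parameterized(db, tampered)
    except ValueError as exc:
        print("bound, validated: rejected:", exc)
```

On the setup in the question, the same idea applies through the MSSQL driver's parameter binding, and the single database user should hold only the rights the application's queries need.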
