Here is a classic example of a vulnerable statement (assume this
is built dynamically in the language of your choice):

SELECT USER_NAME FROM PASSWORDS
WHERE USER_NAME = '<user_name_var>' AND PASSWORD = '<password_var>'

If someone learns a valid user name, they can enter it and
comment escape characters as the user name and anything as the
password and get a result. Assuming "--" means a comment (it does
for Oracle), they could enter "gooduser' --" as the user name and
"haha" as the password which would result in this SQL statement:

SELECT USER_NAME FROM PASSWORDS
WHERE USER_NAME = 'good_user' --' AND PASSWORD = 'haha'

Everything after "--" is ignored so they just bypassed the password check.

I sort of see what this is doing here, but in RPG building dynamic SQL I
don't see how this would be a problem (other than possibly SQL run time
error with the string being used).

I think this deals mainly with interpreted scripts? I am curious.

Brad
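The statement from the quoted message, built two ways, as an added example that is not part of the original thread. It assumes Python with an in-memory SQLite table; the table contents and function names are constructed for illustration. The first function concatenates input into the statement text, the second binds it through parameter markers.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE PASSWORDS (USER_NAME TEXT, PASSWORD TEXT)")
    db.execute("INSERT INTO PASSWORDS VALUES ('gooduser', 's3cret')")
    return db

def login_concatenated(db, user_name, password):
    # Vulnerable form: input becomes part of the statement text, so a quote
    # in user_name closes the literal and "--" comments out the password test.
    sql = ("SELECT USER_NAME FROM PASSWORDS "
           "WHERE USER_NAME = '" + user_name + "' "
           "AND PASSWORD = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, user_name, password):
    # Hardened form: the statement text is fixed and the values are bound
    # as data, so quotes and "--" are compared literally, never parsed.
    sql = ("SELECT USER_NAME FROM PASSWORDS "
           "WHERE USER_NAME = ? AND PASSWORD = ?")
    return db.execute(sql, (user_name, password)).fetchone() is not None

def outcome(fn, db, user_name, password):
    # Report a statement that fails to parse separately from a failed login.
    try:
        return "accepted" if fn(db, user_name, password) else "rejected"
    except sqlite3.OperationalError:
        return "sql error"

if __name__ == "__main__":
    db = make_db()
    cases = [("gooduser", "s3cret"),      # legitimate login
             ("gooduser' --", "haha"),    # input from the quoted message
             ("O'Brien", "x")]            # harmless name containing a quote
    for user, pw in cases:
        print(repr(user),
              "concatenated:", outcome(login_concatenated, db, user, pw),
              "| parameterized:", outcome(login_parameterized, db, user, pw))
```

The difference does not depend on whether the host language is compiled or interpreted; it depends only on whether user input ends up in the statement text or in a bound parameter.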



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
