如何在Oracle上进行SQL注入 [英] How to do SQL injection on Oracle
问题描述
我正在对系统进行审核,开发人员坚持认为这是SQL注入证明.他们可以通过删除登录表单中的单引号来实现-但是后面的代码未参数化;它仍然像这样使用文字SQL:
I'm doing an audit of a system, which the developers insist is SQL injection proof. This they achieve by stripping out the single-quotes in the login form - but the code behind is not parameterized; it's still using literal SQL like so:
username = username.Replace("'", "");
var sql = "select * from user where username = '" + username + "'";
这真的安全吗?是否存在另一种插入单引号的方法,也许是通过使用转义符?使用的数据库是Oracle 10g.
Is this really secure? Is there another way of inserting a single quote, perhaps by using an escape character? The DB in use is Oracle 10g.
推荐答案
Have a look at the testing guide here: http://www.owasp.org/index.php/Main_Page That should give you more devious test scenarios, perhaps enough to prompt a reassessment of the SQL coding strategy :-)
这篇关于如何在Oracle上进行SQL注入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!