如何在Oracle上进行SQL注入 [英] How to do SQL injection on Oracle

问题描述

我正在对系统进行审核，开发人员坚持认为这是SQL注入证明.他们可以通过删除登录表单中的单引号来实现-但是后面的代码未参数化；它仍然像这样使用文字SQL:

I'm doing an audit of a system, which the developers insist is SQL injection proof. This they achieve by stripping out the single-quotes in the login form - but the code behind is not parameterized; it's still using literal SQL like so:

username = username.Replace("'", "");
var sql = "select * from user where username = '" + username + "'";

这真的安全吗?是否存在另一种插入单引号的方法，也许是通过使用转义符?使用的数据库是Oracle 10g.

Is this really secure? Is there another way of inserting a single quote, perhaps by using an escape character? The DB in use is Oracle 10g.

推荐答案

在此处查看测试指南:

Have a look at the testing guide here: http://www.owasp.org/index.php/Main_Page That should give you more devious test scenarios, perhaps enough to prompt a reassessment of the SQL coding strategy :-)

这篇关于如何在Oracle上进行SQL注入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！