Penetration Testing mailing list archives
Row-0 mitigation of SQL injection
From: "Jim Halfpenny" <jimsmailinglists () gmail com>
Date: Wed, 6 Jun 2007 23:21:28 +0100
Hi, One thing I've noticed about SQL injection is that quite often the injected code returns a data set and the vulnerable application plucks the first row from the set. Consider a simple example where a login form is vulnerable and the following code is generated: select * from users where login = '' or 'a' = 'a'; Instead of returning one row as expected the whole table is returned and the application more often than not reads the first row. This hack is especially bad if the first user in the table has admin right, which is often the case. One way of potentially hobbling simple SQL injection would be to insert a sentinel record at the beginning of the table (hence the row-0 concept). This this row is ever returned the the application can be made aware something bad has happened. Does this sound like a good idea, or does it encourage poor coding by having a safety net? All comments welcome. Jim ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Row-0 mitigation of SQL injection Jim Halfpenny (Jun 06)
- Re: Row-0 mitigation of SQL injection Liudvikas Jablonskas (Jun 07)
- Re: Row-0 mitigation of SQL injection Zed Qyves (Jun 07)
- Re: Row-0 mitigation of SQL injection Sony C (Jun 07)
- Re: Row-0 mitigation of SQL injection Hubert Seiwert (Jun 07)
- Re: Row-0 mitigation of SQL injection John Lampe (Jun 07)
- <Possible follow-ups>
- Re: Row-0 mitigation of SQL injection mailbox () martinelli com (Jun 06)