How to know if an ASP web page is vulnerable to SQL injection?
I have some experience working with PHP web applications vulnerable to SQL injection and exploiting this type of vulnerability successfully, but I have never tried to do this on an ASP-based web application. When we try to find out if a PHP web application is vulnerable to SQL injection we usually add a single quote to the end of an input parameter like this:
and if we get an error like this:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
we know that it's vulnerable. In some cases we get a blank page or some data is missing from the page, which can mean that it's vulnerable.
So here is my question: If I add a single quote to the end of an input parameter in a classic ASP web page and I get a blank page or miss some data on that page, does it mean that it's vulnerable to SQL injection? And are there any other ways to know if an SQL injection vuln
Sorry, I want to expand a bit on your thought process. It's not just an ' at the end. I mean, that's a good, quick way of finding a decent percentage of the holes.
Let me give an example of a vulnerability that this approach wouldn't find:
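--- code behind the scenes: ---
// status is only compared against a fixed value; it never reaches the SQL text
string table = "history";
if (status == "live") table = "current";
// name is concatenated into the statement raw: this is the injectable parameter
string sqlCmd = "select * from " + table + " where name = '" + name + "'";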
... see the problem? The last parameter in your url specifies the status, and the code is simply using a "is it X or not?" logic to it - it doesn't inject the actual value into the SQL statement, so it's not vulnerable. But the other parameter is inserted into the SQL statement raw - which makes it vulnerable to injection attack. So while:
... wouldn't have an error, this would:
So, realistically,
2017-11-21 00:08:08
SQL injection is SQL injection. It is independent of your web framework. If the developer has not bound the parameters they are potentially vulnerable. Either of the two methods you mentioned is as likely to work on ASP as on PHP.
However it is unlikely that the classic ASP application is using MySQL, far more likely to be using SQL Server, possibly even MS Access. That will give you some more subtle differences in how to exploit any vulnerabilities that you might find.
2017-11-21 00:08:58
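The point made in both answers above, as an added example that is not part of the original posts: the first answer's status/name logic is reproduced next to a version that binds the name parameter, so a reviewer can see why a quote in one parameter is silent while an ordinary name containing an apostrophe breaks the other. It assumes Python's built-in sqlite3 as a stand-in for the SQL Server or Access backend; the function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the real backend.
    db = sqlite3.connect(":memory:")
    for table in ("history", "current"):
        db.execute(f"CREATE TABLE {table} (name TEXT, note TEXT)")
    db.execute("INSERT INTO current VALUES ('O''Brien', 'live row')")
    db.execute("INSERT INTO history VALUES ('alice', 'old row')")
    return db

def pick_table(status):
    # Same logic as the answer: status is only compared, never placed in the SQL.
    return "current" if status == "live" else "history"

def lookup_concatenated(db, status, name):
    # The answer's pattern: name is pasted into the statement as text.
    sql = "select * from " + pick_table(status) + " where name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, status, name):
    # Hardened form: table comes from a fixed choice, name is a bound parameter.
    sql = "select * from " + pick_table(status) + " where name = ?"
    return db.execute(sql, (name,)).fetchall()

def probe(fn, db, status, name):
    # Report what a tester would observe: rows, or a database error.
    try:
        return ("ok", fn(db, status, name))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)

if __name__ == "__main__":
    db = make_db()
    # Quote in status: no error, because status never reaches the SQL text.
    print(probe(lookup_concatenated, db, "live'", "alice"))
    # A legitimate name with an apostrophe breaks the concatenated statement.
    print(probe(lookup_concatenated, db, "live", "O'Brien"))
    # The bound version treats the same name as data and finds the row.
    print(probe(lookup_bound, db, "live", "O'Brien"))
```

In a code review the absence of an error on one parameter says nothing about the others; the reliable check is whether every value that reaches the statement is bound rather than concatenated.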