CRV2 SQLInjJava

=Java SQL Injections=

SQL injections occur when input to a web application is not controlled or sanitized before executing to the back-end database The attacker tries to exploit this vulnerability by passing SQL commands in her/his input and therefore will create a undesired response from the database such as providing information that bypasses the authorization and authentication programmed in the web application

An example of a vulnerable java code (Livshits and Lam, 2005)

HttpServletRequest request = ...; String userName = request.getParameter("name"); Connection con = ... String query   = "SELECT * FROM Users " + " WHERE name = '" + userName + "'"; con.execute(query);

The input parameter “name” is passed to the String query without any proper validation or verification. The query ‘SELECT* FROM users where name" is equal to the string ‘username’ can be easily misused to bypass something different that just the ‘name’. For example, the attacker can attempt to pass instead "  OR  1=1. In this way accessing all user records and not only the one entitled to the specific user

More of SQL Injection Vulnerabilities
See the OWASP article on SQL Injection Vulnerabilities. http://www.owasp.org/index.php/SQL_Injection See the OWASP article on Blind_SQL_Injection Vulnerabilities. http://www.owasp.org/index.php/Blind_SQL_Injection

How to Avoid SQL Injection Vulnerabilities
See the OWASP Development Guide article on how to Avoid SQL Injection Vulnerabilities. http://www.owasp.org/index.php/Guide_to_SQL_Injection

How to Test for SQL Injection Vulnerabilities
See the OWASP Testing Guide article on how to Test for SQL Injection Vulnerabilities. http://www.owasp.org/index.php/Testing_for_SQL_Injection