Search Results
Results tagged with sql-injection
Search options: not deleted, user 4351
SQL injection is a technique used to take advantage of vulnerabilities arising from non-validated input on web applications to pass SQL commands through for execution on a backend database.
3 votes, 3 answers, 7k views
SQL - using String concatenation, how can I exploit this procedure?
I have a simple Stored Procedure:
create procedure [dbo].[test]
@str varchar (100)
AS
BEGIN
select * from [AdventureWorks2012].[HumanResources].[Employee] where JobTitle like '%' + @str +'%'
END
GO
…
14 votes
Does read-only access to the database prevent sql injection?
No, trivial example
EXEC ('SELECT COUNT(*)
FROM table
WHERE UserName =''''' + @UserName + ''''' AND Password = '''''+@Password+'''''')
Set @Password to a' OR 1=1;--
And your passwo …