Search Results
| Search type | Search syntax |
|---|---|
| Tags | [tag] |
| Exact | "words here" |
| Author |
user:1234 user:me (yours) |
| Score |
score:3 (3+) score:0 (none) |
| Answers |
answers:3 (3+) answers:0 (none) isaccepted:yes hasaccepted:no inquestion:1234 |
| Views | views:250 |
| Code | code:"if (foo != bar)" |
| Sections |
title:apples body:"apples oranges" |
| URL | url:"*.example.com" |
| Saves | in:saves |
| Status |
closed:yes duplicate:no migrated:no wiki:no |
| Types |
is:question is:answer |
| Exclude |
-[tag] -apples |
| For more details on advanced search visit our help page | |
Results tagged with sql-injection
Search options not deleted
user 4351
SQL injection is a technique used to take advantage of vulnerabilities arising from non-validated input on web applications to pass SQL commands through for execution on a backend database.
3
votes
3
answers
7k
views
SQL - using String concatenation, how can I exploit this procedure?
I have a simple Stored Procedure:
create procedure [dbo].[test]
@str varchar (100)
AS
BEGIN
select * from [AdventureWorks2012].[HumanResources].[Employee] where JobTitle like '%' + @str +'%'
END
GO
…
- 733
14
votes
Does read-only access to the database prevent sql injection?
No, trivial example
EXEC ('SELECT COUNT(*)
FROM table
WHERE UserName =''''' + @UserName + ''''' AND Password = '''''+@Password+'''''')
Set @Password to a' OR 1=1;--
And your passwo …
- 733