SQL Injection

In the Page_Load of an ASP.NET page called inject.aspx:

SqlConnection con =
    new SqlConnection(@"data source=(local)\TEST;user id=sa;password=sa;database=Northwind");
con.Open();
// Vulnerable: the query-string value is pasted straight into the SQL text.
string sqlstring = String.Format(
    "INSERT INTO Categories (CategoryName, Description, Picture) VALUES ('naam', '{0}', null)",
    Request.QueryString["test"]);
Response.Write(sqlstring);   // echoes the assembled statement (raw input included) to the page
SqlCommand cmd = new SqlCommand(sqlstring, con);
cmd.ExecuteNonQuery();       // runs whatever the attacker appended after the closing quote
con.Close();

Direct your browser to "……/…../inject.aspx?test=x',null); drop table test; --" and your table Test is gone with the (North)wind.
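The same insert written with a parameterized command, added here as an example rather than code from the original post. It assumes the same connection string and the standard Northwind Categories schema (CategoryName nvarchar(15), Description ntext); the page class name InjectSafe is made up for the example.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

public partial class InjectSafe : Page
{
    // Same connection string as the vulnerable page; kept only to match the original.
    private const string ConnStr =
        @"data source=(local)\TEST;user id=sa;password=sa;database=Northwind";

    protected void Page_Load(object sender, EventArgs e)
    {
        string desc = Request.QueryString["test"] ?? string.Empty;

        // The SQL text is a constant; user input never becomes part of the statement.
        const string sql =
            "INSERT INTO Categories (CategoryName, Description, Picture) " +
            "VALUES (@name, @desc, NULL)";

        using (var con = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 15).Value = "naam";
            // Typed parameter: the input "x',null); drop table test; --" is stored
            // as that literal string; no second statement ever reaches the parser.
            cmd.Parameters.Add("@desc", SqlDbType.NText).Value = desc;

            con.Open();
            int rows = cmd.ExecuteNonQuery();

            // Never echo raw input back unencoded (the original page also reflects it).
            Response.Write(Server.HtmlEncode(rows + " row(s) inserted"));
        }
    }
}
```

Requesting inject.aspx?test=x',null); drop table test; -- against this version inserts one row whose Description is the payload text, and table Test stays where it is.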

See also this link for more information.
