SQL Injection
-
Hi, thanks for looking. I receive a few app errors; the error says:

System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.Data.SqlClient.SqlException: Conversion failed when converting the nvarchar value '26' And char(124)+(Select Cast(Count(1) as varchar(8000))+char(124) From [sysobjects] Where 1=1)>0 and ''='' to data type int.

What can this query do? It will only return the same record. I think they wrote this in the querystring; I guess they were only testing if they could inject code. How could I test how secure my app is? Thanks in advance
Alexei Rodriguez
-
There's an excellent article on SQL Injection attacks (and how to prevent them) here.
Knowledge is knowing that the tomato is a fruit. Wisdom is not putting it in fruit salad!! Booger Mobile - Camp Quality esCarpade 2010
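The error in the question shows the querystring value being spliced straight into the SQL text, so the probe's CAST failure echoes a database value back through the page error. As an added example (not code from the original post or the linked article), here is that vulnerable pattern beside the parameterised form that prevents it; the Products table, ProductId/Name columns and the connection string are hypothetical:

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class ProductLookup
{
    // Hypothetical table and columns; the connection string is a placeholder.
    private const string ConnectionString = "<connection string>";

    // Vulnerable pattern: the raw querystring value is concatenated into the SQL text.
    // With id = "26 And char(124)+(Select Cast(Count(1) as varchar(8000))+char(124)
    // From [sysobjects] Where 1=1)>0 and ''=''" the injected expression is executed,
    // and the resulting conversion error (as quoted in the question) carries the
    // sysobjects row count to whoever sees the unhandled exception page.
    public static string GetProductNameUnsafe(string idFromQueryString)
    {
        string sql = "SELECT Name FROM Products WHERE ProductId = " + idFromQueryString;
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            return cmd.ExecuteScalar() as string;
        }
    }

    // Hardened: validate the type up front and bind the value as a typed parameter.
    // The server receives the integer 26, never SQL text, so nothing appended to the
    // querystring can become part of the statement.
    public static string GetProductName(string idFromQueryString)
    {
        if (!int.TryParse(idFromQueryString, out int id))
        {
            // Reject rather than echo: anything that is not an integer is not a valid id.
            return null;
        }

        const string sql = "SELECT Name FROM Products WHERE ProductId = @id";
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            conn.Open();
            return cmd.ExecuteScalar() as string;
        }
    }
}
```

The second half of the fix is keeping exception text away from visitors: log the SqlException server-side and serve a generic error page (in ASP.NET, customErrors mode="On" in web.config), so a probe like the one in the question yields no information even where a query is still being fixed.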