Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
sql injections
Posted on 2011-03-05
Hey guys m new to developing can i know how can i find sql injection errors from the script and fix them?
like i have source codes of many websites which include normal blogs to commerce sites i want to know how can i find where possible sql injection error could be by opening the php files in notepad or any other editor????
database can be any mysql mssql
like i have source codes of many websites which include normal blogs to commerce sites i want to know how can i find where possible sql injection error could be by opening the php files in notepad or any other editor????
database can be any mysql mssql
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
- +3
9 Comments
EVERY SINGLE INPUT that comes into your scripts that gets anywhere near a database is potential injection. That even includes such things as hidden inputs from a form.
Pass EVERY input through a safety filter such as htmlentities(), mysql_real_escape_string()
If any input could ever be used in a database query, stored in the database, used in a WHERE clause, or any other use in any query, you must safety filter it. No exceptions.
Pass EVERY input through a safety filter such as htmlentities(), mysql_real_escape_string()
If any input could ever be used in a database query, stored in the database, used in a WHERE clause, or any other use in any query, you must safety filter it. No exceptions.
here is a nice PHP blog on sql injections:
http://www.php.net/manual/en/security.database.sql-injection.php
look at the bottom comments since some of them provide very interesting ressources.
Also, to build on yodercm's comment your best bet is to use a database framework of some sort so that all your database code can be changed at a single location: if you have to check every single inputs on every page you create you will probably make mistakes at some point. If all your database logic is encapsulated in a few well designed classes however you will be able to have more control on security matters.
http://www.php.net/manual/en/security.database.sql-injection.php
look at the bottom comments since some of them provide very interesting ressources.
Also, to build on yodercm's comment your best bet is to use a database framework of some sort so that all your database code can be changed at a single location: if you have to check every single inputs on every page you create you will probably make mistakes at some point. If all your database logic is encapsulated in a few well designed classes however you will be able to have more control on security matters.
not really... if you want to rely on magic quotes you can turn them on while you work your way through each files (it's not a 100% foul's proof though but it is "automatic"). In the long run however I advise you to encapsulate your DB logic in a few classes and do the necessary security checks there:
http://php.net/manual/en/security.magicquotes.php
if you want something 100% secure you will have to edit most of your pages anyway, especially if security was not taken into account during the development process. You might also want to look at PHP frameworks that comes with secure database classes
http://php.net/manual/en/security.magicquotes.php
if you want something 100% secure you will have to edit most of your pages anyway, especially if security was not taken into account during the development process. You might also want to look at PHP frameworks that comes with secure database classes
Active today
If you want to examine source coe of blogs or other CMS systems, then it would perhaps be better to ask to corresponding programmers an community of the product. As you are novice programmer, do you really think you would find insecure code an experienced programmer has overlooked?
There are security fixes to most any software having some success and being used, no question, there never is 100% security anyway.
As yodercm initially said what is important is the flow of input into sql queries. Using filters as mentioned is one way, using parameterization is another one and you can of course also do both. Quotes are just one simple problem.
So what you'd need is a parser finding all code lines processing input. That's not easily automated. But code grows slowly, you only start with "a hell of files", if you base your code on an existing CMS or other system. If you start from scratch you can oversee where vulnaribilies are. And yes, you can oversee something, even in a team of developers. Security checks are typically done in unit tests with random input, also wrong input and of cause known injection attacks. So vulnerabilities are not only found by code analysis, but also by testing.
Open source has the advantage not only the bad but also the good hackers are analyzing code and reporting errors and security issues. It also initially asks more precaution by the developer, as the code is open source and can be analyzed of course. It's not a matter of how much code this is, on the other side there are also masses of people searching for vulnerabilities, so there is no security due to an error being buried in lots of code.
Last not least, there are good architecture patterns, liek MVC (model view controller), where a controller is taking in input, seeing what the request means, calling the model to retrieve data, providing that to a view needed to show the next page. In short. In this design pattern all input goes through one object and the coe to prevent injections is centralized and not scattered.
Bye, Olaf.
There are security fixes to most any software having some success and being used, no question, there never is 100% security anyway.
As yodercm initially said what is important is the flow of input into sql queries. Using filters as mentioned is one way, using parameterization is another one and you can of course also do both. Quotes are just one simple problem.
So what you'd need is a parser finding all code lines processing input. That's not easily automated. But code grows slowly, you only start with "a hell of files", if you base your code on an existing CMS or other system. If you start from scratch you can oversee where vulnaribilies are. And yes, you can oversee something, even in a team of developers. Security checks are typically done in unit tests with random input, also wrong input and of cause known injection attacks. So vulnerabilities are not only found by code analysis, but also by testing.
Open source has the advantage not only the bad but also the good hackers are analyzing code and reporting errors and security issues. It also initially asks more precaution by the developer, as the code is open source and can be analyzed of course. It's not a matter of how much code this is, on the other side there are also masses of people searching for vulnerabilities, so there is no security due to an error being buried in lots of code.
Last not least, there are good architecture patterns, liek MVC (model view controller), where a controller is taking in input, seeing what the request means, calling the model to retrieve data, providing that to a view needed to show the next page. In short. In this design pattern all input goes through one object and the coe to prevent injections is centralized and not scattered.
Bye, Olaf.
sql injection is top rated web Application attack these days. There are many insecure code over the net and also there are several ways to protect ASP.NET application from sql injection attacks. sql injection can occur when an application uses input to construct dynamic sql statements or when it uses stored procedures to connect to the database. Methods of sql injection exploitation are classified according to the DBMS type and exploitation conditions
Vulnerable request can implement Insert, update, delete. It is possible to inject sql code into any part of sql request Blind sql injection Features of sql implementations used in various dbms. Successful sql injection attacks enable attackers to execute commands in an application's database and also take over the server.
my recommendation:
- Basically, make sure your web server is up-to-date with latest security fixes/patches.
- Make sure you have filter every user input and output as proper encoding like UTF-8.
Read the full testing guide: https://www.owasp.org/images/8/89/OWASP_Testing_Guide_V3.pdf
- try tom imlement web application scanner , check this link http://trac.ush.it/ush/wiki/SecurityTools
- i use ex. watchfile now IBM aapscan tools http://www-01.ibm.com/software/rational/offerings/websecurity/ to scan all my web application
check google more how to protect against sql injection
regarding Microsoft issue check http://msdn.microsoft.com/en-us/library/ms998271.aspx
search http://www.sans.org/ "sql injection"
WASC: http://projects.webappsec.org/SQL-Injection
OWASP: http://www.owasp.org/index.php/SQL_Injection
CodeProject http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx
Here's a data cheat sheet with several tricks for sql injection exploitation:
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
my recommendation:
- Basically, make sure your web server is up-to-date with latest security fixes/patches.
- Make sure you have filter every user input and output as proper encoding like UTF-8.
Read the full testing guide: https://www.owasp.org/images/8/89/OWASP_Testing_Guide_V3.pdf
- try tom imlement web application scanner , check this link http://trac.ush.it/ush/wiki/SecurityTools
- i use ex. watchfile now IBM aapscan tools http://www-01.ibm.com/software/rational/offerings/websecurity/ to scan all my web application
check google more how to protect against sql injection
regarding Microsoft issue check http://msdn.microsoft.com/en-us/library/ms998271.aspx
search http://www.sans.org/ "sql injection"
WASC: http://projects.webappsec.org/SQL-Injection
OWASP: http://www.owasp.org/index.php/SQL_Injection
CodeProject http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx
Here's a data cheat sheet with several tricks for sql injection exploitation:
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
well i said me new i meant new in finding errors i know php and web development but m not good in finding errors are there any good tools to find web app errors free one ? like i make a local server and test them that way
Featured Post
Machine learning means Smarter Cybersecurityâ„¢ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
A Stored Procedure in Microsoft SQL Server is a powerful feature that it can be used to execute the Data Manipulation Language (DML) or Data Definition Language (DDL).
Depending on business requirements, a single Stored Procedure can return differe…
Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes. We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
Via a live example combined with referencing Books Online, show some of the information that can be extracted from the Catalog Views in SQL Server.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month6 days, 23 hours left to enroll
622 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.