Wednesday, December 4, 2024
Sunday, December 1, 2024
SQL injection flaw and how to fix it at DB itself
One simple example is
Select * from Users where email = '$email' ;
Here $email could be substituted with an "OR" getting a positive result for the condition check.
$email could be ' OR '1'='1 (including the single quotes), making this a valid SQL Statement.
However, In DB we could add a SQL Command template for the SQL statement, and if the template doesn't match then the SQL statement doesn't get executed.
email_value = web_input;
db->connection(""" , '"", 5000);
db->set_statement (" Select * from Users where email = '"+ email_value +" ';");
db->set_valid_template( " select * from Users where email = '%'; ");
// where % represents a value that is added dynamically.
if( db->is_injected() ){
//SQL injection detected
//return error.
} else {
//SQL injection not detected
// continue on here ...
}
Instead of fixing this in a website (backend pages) this could be fixed in the DB parser level itself, making one of the security vulnerabilities fixed.
Or, something like this can be done.
db->check_sql( email_value )
//0 - not sql
//1 - partial sql statement
//2 - full sql statement
Both of these methods wouldn't require a db query to be done.
Subscribe to:
Posts (Atom)