Question : Let us review this dba.exchange Oracle question for SQL-Server. This is SaUce’s code, after a little formatting: CREATE […]
Tag: sql-injection
Inject aggregation function inside a procedure
Question : Is it possible to inject the name of a function (AVG, MAX…) as a procedure parameter? CREATE PROCEDURE […]
SQL Injection penn testing from the queries only
Question : Is there an established method or tool available to perform pen testing on an application by only testing […]
Find the source of a recurrent mass SQL edit on a server
Question : I’ll try to explain my problem as clear as possible. The server of a company I support runs […]
Does putting single quotation marks around numeric constants really protect from SQL injection in MySQL?
Question : The manual seems to suggest that using quotes around numbers is sufficient to protect from SQL injection. According […]
How to restrict users to select only query through application textbox field?
Question : Say that I have a web application that lets users to type in a SQL query (SQL Server […]
PostgreSQL. Is using random tag in dollar quoting without escaping input safe?
Question : Is that safe to run such query without escaping input? Assume noone can guess the random string I […]
Divide by zero in ORDER BY CLAUSE
Question : I just got a PEN-Test result from a web application. The tester stated they were able to use […]
Do stored procedures prevent SQL injection?
Question : Is it true that stored procedures prevent SQL injection attacks against PostgreSQL databases? I did a little research […]
TSQL – Sql Injection
Question : DECLARE @TSQL NVARCHAR(MAX) = N’SELECT 1, ”One”’; CREATE TABLE #ThisIsATable (Id INT, VAL NVARCHAR(10)); INSERT INTO #ThisIsATable EXEC […]