Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks: Difference between revisions
Programsam (talk | contribs) |
| Line 25: | Line 25: | ||
... | ... | ||
java.sql.Connection mySQLConnector = DriverManager.getConnection(); | java.sql.Connection mySQLConnector = DriverManager.getConnection(); | ||
java.sql.Statement s = mySQLConnector.createStatement("DELETE FROM | java.sql.Statement s = mySQLConnector.createStatement("DELETE FROM Patients WHERE Name = ‘" + name + “’;”); | ||
int result = s.executeUpdate(); | int result = s.executeUpdate(); | ||
return 1 == result; | return 1 == result; | ||
... | ... | ||
<center>Figure 1. Patient Deletion Code in Java; hotspot is bolded </center> | <center>Figure 1. Patient Deletion Code in Java; hotspot is bolded </center> | ||
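Review bot: On the new side of the `createStatement(...)` line, the SQL literal is delimited with typographic quotes (‘ “ ’ ”) instead of ASCII `'` and `"`, so the figure would not compile if copied. Suggest replacing them with straight quotes. The same line passes the query string to `createStatement`, while `s.executeUpdate()` on the next line takes no argument. In `java.sql` the query goes to `Statement.executeUpdate(String)`, so the figure would read more accurately as `createStatement()` followed by `executeUpdate("DELETE FROM Patients WHERE Name = '" + name + "';")`. That keeps the concatenated `name` as the hotspot the caption refers to. The caption says the hotspot is bolded, but no bold markup is visible in either column of this revision.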