Proposing SQL Statement Coverage Metrics: Difference between revisions
Programsam (talk | contribs) |
Programsam (talk | contribs) |
||
| Line 60: | Line 60: | ||
The example we have presented in Figure 4 performs no input validation, and as a result the example contains at least three input validation vulnerability locations. The first two are the username and password fields as given in the web form in Figure 3. An attacker could cause the code fragment change shown in Figure 5 simply by entering the SQL command fragment “<code>‘ OR 1=1 -- AND</code>" in the input field instead of any valid user name in Figure | The example we have presented in Figure 4 performs no input validation, and as a result the example contains at least three input validation vulnerability locations. The first two are the username and password fields as given in the web form in Figure 3. An attacker could cause the code fragment change shown in Figure 5 simply by entering the SQL command fragment “<code>‘ OR 1=1 -- AND</code>" in the input field instead of any valid user name in Figure | ||
3. | 3. | ||
//from Figure 4; original code | |||
$result = mysql_query( | |||
“select * from users where username = | |||
‘$username’ AND password = ‘$password’”); | |||
//code with inserted attack parameters | |||
$result = mysql_query( | |||
“select * from users where username = | |||
‘’ OR 1=1 -- AND password = ‘PASSWORD’”); | |||
<center>'''Figure 5. Example SQL statement, before and after | |||
== 9. References == | == 9. References == | ||