Chapter 9  ■ Injecting Code

Of course, when you are interacting with a remote application, it is not nor-

mally possible to know in advance what type of statement a given item of user

input will be processed by. However, you can usually make an educated guess

based upon the type of application function you are dealing with. The most

common types of SQL statements and their uses are described here.

SELECT Statements

SELECT

statements are used to retrieve information from the database. They

are frequently employed in functions where the application returns informa-

tion in response to user actions, such as browsing a product catalog, viewing a

user’s profile, or performing a search. They are also often used in login func-

tions where user-supplied information is checked against data retrieved from

a database.

As in the previous examples, the entry point for SQL injection attacks is nor-

mally the 

WHERE

clause of the query, in which user-supplied items are passed to

the database to control the scope of the query’s results. Because the 

WHERE

clause is usually the final component of a 

SELECT

statement, this enables the

attacker to use the comment symbol to truncate the query to the end of his

input without invalidating the syntax of the overall query.

Occasionally, SQL injection vulnerabilities occur that affect other parts of the

SELECT

query, such as the 

ORDER BY

clause or the names of tables and columns.

Download 5,76 Mb.

Do'stlaringiz bilan baham: