WebApp Sec mailing list archives
RE: SQL Injection Basics
From: "David Cameron" <dcameron () itis-now com>
Date: Wed, 12 Feb 2003 15:10:51 +1100
> I think you meant to first sanitize CInt(Request.QueryString("id")) to make sure it's an integer. If I'm not mistaken, you've given a perfect example of code that is susceptible to SQL Injection mischief.
By using CInt he has sanitized the data. CInt converts to an integer. & can also take integer parameters. When you run CInt("1 OR 1=1"), you get a type mismatch, which is a problem, but not one that means that Mark's code is vulnerable to SQL injection. He should be running IsNumeric over the data first. Better yet, ADO command objects should be used for ASP, as suggested many times.

See the documentation (RTM) on the function CInt():

Description
Returns an expression that has been converted to a Variant of subtype Integer.

Syntax
CInt(expression)
The expression argument is any valid expression.

Remarks
In general, you can document your code using the subtype conversion functions to show that the result of some operation should be expressed as a particular data type rather than the default data type. For example, use CInt or CLng to force integer arithmetic in cases where currency, single-precision, or double-precision arithmetic normally would occur.

Use the CInt function to provide internationally aware conversions from any other data type to an Integer subtype. For example, different decimal separators are properly recognized depending on the locale setting of your system, as are different thousand separators.

If expression lies outside the acceptable range for the Integer subtype, an error occurs.

The following example uses the CInt function to convert a value to an Integer:

    Dim MyDouble, MyInt
    MyDouble = 2345.5678    ' MyDouble is a Double.
    MyInt = CInt(MyDouble)  ' MyInt contains 2346.

Note: CInt differs from the Fix and Int functions, which truncate, rather than round, the fractional part of a number. When the fractional part is exactly 0.5, the CInt function always rounds it to the nearest even number. For example, 0.5 rounds to 0, and 1.5 rounds to 2.

--------------------------------------------------------------------------------
regards
David Cameron
nOw.b2b
dcameron () itis-now com
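The two recommendations in the post above (check the input with IsNumeric before converting it, and hand the value to the database through an ADO Command object rather than by string concatenation) put together in one classic ASP page. This is an added example, not code from the thread or from any of its posters; the connection object `conn`, the `products` table and its `id`, `name` and `price` columns are assumed names for illustration.

```vbscript
<%
' Added example (not from the original thread): validate a numeric id from the
' query string, then run a parameterised query through an ADO Command object.
' Assumed: an already-open ADODB.Connection named conn and a table "products"
' with an integer column "id". Both names are illustrative.
Option Explicit

' ADO constants, normally pulled in from adovbs.inc.
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

' Returns True and sets parsedId only when raw is a plain string of digits.
' IsNumeric alone also accepts "1.5", "1e3", "&H10" or " 12 ", which CInt/CLng
' would happily convert, so a character check is applied as well.
Function TryParseId(raw, ByRef parsedId)
    Dim re
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"        ' at most 9 digits keeps the value inside Long range
    TryParseId = False
    If IsNumeric(raw) And re.Test(raw) Then
        ' CInt is limited to -32768..32767 and raises an error above that;
        ' CLng (32-bit) is the safer conversion for a database key.
        parsedId = CLng(raw)
        TryParseId = True
    End If
End Function

Dim id
If Not TryParseId(Request.QueryString("id"), id) Then
    ' "1 OR 1=1" and similar input never reaches the SQL text: reject it here.
    Response.Status = "400 Bad Request"
    Response.Write "invalid id"
    Response.End
End If

' The id is bound as an integer parameter; the SQL text itself is constant.
Dim cmd, rs
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT name, price FROM products WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
Set rs = cmd.Execute

Do Until rs.EOF
    ' Encode on output as well: the name column is data, not markup.
    Response.Write Server.HTMLEncode(rs("name")) & " - " & rs("price") & "<br>"
    rs.MoveNext
Loop
rs.Close
%>
```

Two points worth noting. First, the parameter binding is what removes the injection risk; the digit check in TryParseId mainly turns a VBScript type-mismatch error into a clean 400 response and keeps the value inside the integer range the database expects. Second, IsNumeric is looser than most people assume (it accepts decimals, exponents, hex prefixes and surrounding whitespace), which is why the example pairs it with a regular expression rather than relying on it alone.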