Security Basics mailing list archives
Is sql-injection possible in following code
From: sk <sk10_0 () yahoo com>
Date: Sat, 15 Aug 2009 00:16:58 +0530 (IST)
Is sql-injection is possible in following procedure if yes then how .. I tried some sql injection techniques but nothing worked. it is for oracle database CREATE OR REPLACE PROCEDURE demo( MyID IN VARCHAR2) AS Employee_rec Employee%ROWTYPE; BEGIN DBMS_OUTPUT.PUT_LINE(MyID); SELECT * INTO Employee_rec FROM Employee WHERE ID= MyID ; DBMS_OUTPUT.PUT_LINE(Employee_rec.Salary); Employee_rec.Salary := 900; DBMS_OUTPUT.PUT_LINE(Employee_rec.Salary); END; table used create table Employee( ID VARCHAR2(4 BYTE) NOT NULL, First_Name VARCHAR2(10 BYTE), Last_Name VARCHAR2(10 BYTE), Start_Date DATE, End_Date DATE, Salary Number(8,2), City VARCHAR2(10 BYTE), Description VARCHAR2(15 BYTE) ) / insert into Employee(ID, First_Name, Last_Name, Start_Date, End_Date, Salary, City, Description) values ('01','Jason', 'Martin', to_date('19960725','YYYYMMDD'), to_date('20060725','YYYYMMDD'), 1234.56, 'Toronto', 'Programmer') / insert into Employee(ID, First_Name, Last_Name, Start_Date, End_Date, Salary, City, Description) values('02','Alison', 'Mathews', to_date('19760321','YYYYMMDD'), to_date('19860221','YYYYMMDD'), 6661.78, 'Vancouver','Tester') Regards Sumit / Yahoo! recommends that you upgrade to the new and safer Internet Explorer 8. http://downloads.yahoo.com/in/internetexplorer/ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Is sql-injection possible in following code sk (Aug 14)
- Re: Is sql-injection possible in following code Terra Frost (Aug 18)
- Re: Is sql-injection possible in following code sk (Aug 18)
- Re: Is sql-injection possible in following code Fabien Vincent (Aug 18)
- <Possible follow-ups>
- Re: Re: Is sql-injection possible in following code dan . crowley (Aug 19)
- Re: Is sql-injection possible in following code Terra Frost (Aug 18)