Re: Row-0 mitigation of SQL injection

["Liudvikas Jablonskas" <liudvikas.jablonskas () gmail com>]

i can use injection like this:
' or 'a' = 'a' limit 2,1;
and it will use second row.

On 6/6/07, Jim Halfpenny <jimsmailinglists () gmail com> wrote:
> Hi,
> One thing I've noticed about SQL injection is that quite often the
> injected code returns a data set and the vulnerable application plucks
> the first row from the set. Consider a simple example where a login
> form is vulnerable and the following code is generated:
>
> select * from users where login = '' or 'a' = 'a';
>
> Instead of returning one row as expected the whole table is returned
> and the application more often than not reads the first row. This hack
> is especially bad if the first user in the table has admin right,
> which is often the case.
>
> One way of potentially hobbling simple SQL injection would be to
> insert a sentinel record at the beginning of the table (hence the
> row-0 concept). This this row is ever returned the the application can
> be made aware something bad has happened.
>
> Does this sound like a good idea, or does it encourage poor coding by
> having a safety net? All comments welcome.
>
> Jim
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------

--
Liudvikas Jablonskas
mob.: +370 6 333 99 33
skype: liudvikas
icq: 104364435
http://www.liudvikas.lt
_____
Jei šis pranešimas Jums pateko per klaidą ar dėl įrangos gedimo, Jūs
negalite naudoti jame esančios informacijos.