
Make Vulnerable to SQL Injection

 
Greenhorn
Posts: 4
Hi guys. After testing a few SQL injections on my login page, it seems the SQL injection doesn't work, which is a good thing.
However, now I want to make my login page vulnerable to SQL injection, because one of my software security assignment tasks is to find OWASP Top 10 weaknesses in our own developed application.
Below is my login page code:

 
author & internet detective
Posts: 39433
Jack,
You need to have a SQL statement in your code in order to be vulnerable to SQL Injection. I know how to do this in Java, but not C#, so I googled.

It looks like the way to do that is with a SQLCommand class. Here's an example
 
Saloon Keeper
Posts: 10494
It looks like you're using Entity Framework, which creates SQL queries itself and protects you from SQL injection attacks.

You have a different problem though. You are storing your users' passwords in the database. Don't store passwords, encrypted or not.

It's easiest if you add ASP.NET Identity to your OWIN pipeline. If you don't have OWIN, get an implementation like Katana.
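
The difference the replies above describe, between a SQL statement built by string concatenation and a parameterized one, shown as an added example that is not part of the original thread. It assumes the Microsoft.Data.Sqlite NuGet package, with an in-memory SQLite database standing in for SQL Server so it runs offline; the `Users` table, its columns and the method names are hypothetical.

```csharp
// Added example, not code from the thread. Assumes the Microsoft.Data.Sqlite
// NuGet package; an in-memory SQLite database stands in for SQL Server.
using System;
using Microsoft.Data.Sqlite;

class LoginQueryDemo
{
    // Vulnerable: user input is concatenated into the SQL text, so a quote
    // in userName changes the structure of the statement.
    static bool LoginConcatenated(SqliteConnection db, string userName, string passwordHash)
    {
        using var cmd = db.CreateCommand();
        cmd.CommandText =
            "SELECT COUNT(*) FROM Users WHERE UserName = '" + userName +
            "' AND PasswordHash = '" + passwordHash + "'";
        return (long)cmd.ExecuteScalar()! > 0;
    }

    // Hardened: the SQL text is constant and the values travel as parameters,
    // which is also what Entity Framework generates for LINQ queries.
    static bool LoginParameterized(SqliteConnection db, string userName, string passwordHash)
    {
        using var cmd = db.CreateCommand();
        cmd.CommandText =
            "SELECT COUNT(*) FROM Users WHERE UserName = @u AND PasswordHash = @p";
        cmd.Parameters.AddWithValue("@u", userName);
        cmd.Parameters.AddWithValue("@p", passwordHash);
        return (long)cmd.ExecuteScalar()! > 0;
    }

    static void Main()
    {
        using var db = new SqliteConnection("Data Source=:memory:");
        db.Open();
        using (var setup = db.CreateCommand())
        {
            // Constructed sample row; the hash value is a placeholder string.
            setup.CommandText =
                "CREATE TABLE Users (UserName TEXT, PasswordHash TEXT);" +
                "INSERT INTO Users VALUES ('alice', 'constructed-hash-value');";
            setup.ExecuteNonQuery();
        }
        // Constructed test input: the quote ends the string literal and the
        // comment marker removes the PasswordHash condition.
        string crafted = "alice' --";
        Console.WriteLine("concatenated accepts crafted name: " + LoginConcatenated(db, crafted, "wrong"));
        Console.WriteLine("parameterized accepts crafted name: " + LoginParameterized(db, crafted, "wrong"));
    }
}
```

`SqliteCommand` and `SqlCommand` both derive from `DbCommand`, so the `CommandText` and `Parameters` pattern carries over to SQL Server.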
 