How to test for SQL Injections

Not only is this snippet effective in finding simple SQL injection attacks:

image

The side effects are a highly reduced ratio of second offences, and a sudden improvement in backup practices.

Now if I could fix the weeping issue...

posted on Wednesday, August 22, 2007 12:48 AM

Feedback


# re: How to test for SQL Injections 8/22/2007 2:27 AM Matthew Martin

A better test would drop master or msdb, that way the test could be re-used for other projects. WAITFOR DELAY '00:00:30' works too.


# re: How to test for SQL Injections 8/22/2007 10:44 AM Joe '; DROP DATABASE *; --

Joe '; DROP DATABASE *; --


# re: How to test for SQL Injections 8/22/2007 4:05 PM ch__

Hehe. Fair enough.


# re: How to test for SQL Injections 8/31/2007 5:18 PM Chris May

This would be a good place for one of us SP lovers to make a comment, but I will hold back :)

Comments have been closed on this topic.