C# ASP.NET SQL SERVER

Security Vulnerability

Can you see the security vulnerability in the following snippet of code?

    string returnValue = String.Empty;
    string sql =
        "select description from products where prodID = '"
        + Request.Params["pid"] + "';";
    SqlCommand sqlcmd = new SqlCommand(sql);
    sqlcmd.Connection = sqlConn;
    SqlDataReader sdr = sqlcmd.ExecuteReader();
    if (sdr.Read())
    {
        returnValue = (string)sdr[0];
    }
    sdr.Close();
    return returnValue;
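As an added example that is not part of the original post, here is the same lookup rewritten so the pid value travels to SQL Server as a query parameter instead of being spliced into the statement text; it assumes an open SqlConnection named sqlConn (as in the snippet), a text-typed prodID column, and an assumed maximum pid length of 50.

```csharp
// Added example, not the original post's code. Assumes an open SqlConnection
// `sqlConn` and the same Request.Params["pid"] input as the snippet above.
using System;
using System.Data;
using System.Data.SqlClient;

public static class ProductRepository
{
    public static string GetProductDescription(SqlConnection sqlConn, string pid)
    {
        // The SQL text is a constant: user input never becomes part of it.
        const string sql =
            "select description from products where prodID = @pid;";

        // `using` disposes the command and the reader even when an exception
        // is thrown, which the original's explicit sdr.Close() does not guarantee.
        using (SqlCommand sqlcmd = new SqlCommand(sql, sqlConn))
        {
            // The value is sent as a typed parameter, so a quote, semicolon or
            // comment marker inside pid is just data and cannot change the
            // structure of the query. Length 50 is an assumed column size.
            sqlcmd.Parameters.Add("@pid", SqlDbType.NVarChar, 50).Value =
                pid ?? String.Empty;

            using (SqlDataReader sdr = sqlcmd.ExecuteReader())
            {
                if (sdr.Read() && !sdr.IsDBNull(0))
                {
                    return sdr.GetString(0);
                }
            }
        }
        return String.Empty;
    }
}

// Call site, matching the original page:
// string returnValue =
//     ProductRepository.GetProductDescription(sqlConn, Request.Params["pid"]);
```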


» Comments

  1. Rob Manderson

    I'd shoot anyone who deployed code like that!

    Rob Manderson — April 29, 2009 12:52 PM
  2. guy ellis

    I would stand still while being shot if I produced code like that...

    guy ellis — April 29, 2009 1:56 PM
  3. Bill Brown

    Someone is obviously unfamiliar with the using operator.

    Assuming your question wasn't rhetorical, yes. It's a textbook example of a SQL injection vulnerability.

    Bill Brown — May 4, 2009 11:06 AM
  4. friendster graphics

    Oh, I feel lucky to find this good article.

    Now I find something that I want to know, thank you.

    friendster graphics — May 7, 2009 12:07 AM
  5. CodeSeeker

    I would send a request with pid:

    nothing' union select 'dead man' as description; DROP TABLE products; --

    CodeSeeker — May 7, 2009 7:34 AM
