Menu
Possible Duplicate:
Non-web SQL Injection
Does someone know of a good example of a SQL Injection vulnerability that isn't in a web application? What is the user input for this attack? I am looking for a real vulnerability, not speculation. The following picture is an example of a speculated attack.
alt text http://leonardoanceschi.files.wordpress.com/2008/05/mini.jpg
819
sql injection is available wherever sql queries are generated from input without any escaping of sensitive chars (eg '). therefore if you have a desktop app that takes a text input field and generates a sql query string using it, you could potentially have an injection attack vector.
it's got nothing to do with being in a web context.
161
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
