SQL Injection in a Non-Web Application.

views:

answers:

+1 Q:

SQL Injection in a Non-Web Application.

Does someone know of a good example of a SQL Injection vulnerability that isn't in a web application? What is the user input for this attack? I am looking for a real vulnerability, not speculation. The following picture is an example of a speculated attack.

alt text

+10 A:

sql injection is available wherever sql queries are generated from input without any escaping of sensitive chars (eg '). therefore if you have a desktop app that takes a text input field and generates a sql query string using it, you could potentially have an injection attack vector.

it's got nothing to do with being in a web context.

oedo 2010-04-26 16:40:49

Unfortunatlly this is not a vulnerability if the user has access to the database locally, such as a sqlite file. Perhaps if this was a kiosk.

Rook 2010-04-26 16:44:08

can you please clarify that? if the user has full access to the db then they probably won't need to use such a long-winded method to 'hack' the db, but that doesn't negate the fact that such a vulnerablity could still exist?

oedo 2010-04-26 16:46:37

What is a sql injection vulnerability to someone who already has administrative access to the database? Its the principal of the weakest link. I gave you a +1.

Rook 2010-04-26 16:52:21

+3 A:

SQL Injection is more visible in web applications because they're public, but it has nothing to do with them in particular. Any time you don't parameterize your SQL queries, you're at risk for an injection attack.

If your console or WinForms application takes a username and selects from a database to see if the user exists, and it's done by concatenating strings to make a SQL query, you have the same risk. Always parameterize or properly escape your SQL queries!

rwmnau 2010-04-26 16:43:45

ansaurus

tags:

views:

answers:

SQL Injection in a Non-Web Application.

related questions