Question
I recently came across a Windows app which has a really bad practice of having inline SQL scripts. Can it be prone to SQL injection?
If yes, are there any tools to discover the vulnerability quickly?
Answer 1:
Yes, Windows apps can also be vulnerable to SQL injection attacks.
The problem is not the type of application, but inline SQL scripts are not the problem either.
The problem is when the SQL is built dynamically from hard-coded strings and user input strings. In fact, even stored procedures might be vulnerable to SQL injection attacks.
Take for example this simple procedure: (Warning: This code is not safe!)
CREATE PROCEDURE sp_sqlInj
(
@UserInput varchar(300)
)
AS
DECLARE @Sql varchar(max)
-- The caller's text is concatenated straight into the statement and then executed as SQL.
SET @Sql = 'SELECT * FROM Table WHERE x = '+ @UserInput
EXEC(@Sql)
GO
As you can imagine, this procedure is wide open to SQL injection attacks.
Answer 2:
Any type of app, including Windows desktop apps, can be SQL injected. The issue is how user input is treated in a SQL query/proc, not the app type.
If you can access the database directly, your best bet is using a database monitoring tool, such as SQL Server Profiler. You can try a "penetration test" by essentially SQL injecting your app and observing the resulting query in Profiler, as well as the results in the database.
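The following is an added example, not code from either answer: the dynamic-SQL procedure from Answer 1 rewritten so the input is bound as a parameter via sys.sp_executesql, with the unsafe form kept alongside for comparison. The table and column names (dbo.Accounts, Id) and the procedure names are assumed for illustration; the comments also note what each form looks like in the Profiler trace that Answer 2 recommends.

```sql
-- Added example (not from the original answers). Assumed schema: dbo.Accounts(Id int, ...).

-- Unsafe: the caller's text becomes part of the statement and is executed as code.
-- In a SQL Server Profiler / Extended Events trace this shows up as a single
-- SELECT whose WHERE clause contains whatever the caller typed.
CREATE PROCEDURE dbo.usp_GetAccount_Unsafe
    @UserInput varchar(300)
AS
BEGIN
    DECLARE @Sql nvarchar(max);
    SET @Sql = N'SELECT * FROM dbo.Accounts WHERE Id = ' + @UserInput;
    EXEC (@Sql);
END
GO

-- Hardened: the statement text is fixed and the value travels as a typed
-- parameter, so it can only ever be compared as a value, never parsed as SQL.
-- The trace shows "exec sp_executesql N'SELECT ... WHERE Id = @Id', N'@Id int', @Id=..."
-- with the statement text identical on every call, whatever the input was.
CREATE PROCEDURE dbo.usp_GetAccount_Safe
    @Id int
AS
BEGIN
    DECLARE @Sql nvarchar(max) =
        N'SELECT * FROM dbo.Accounts WHERE Id = @Id;';
    EXEC sys.sp_executesql
        @Sql,
        N'@Id int',
        @Id = @Id;
END
GO

-- Simplest of all when the statement does not need to be dynamic at all:
-- a plain parameterised query inside the procedure body, no EXEC involved.
CREATE PROCEDURE dbo.usp_GetAccount_Static
    @Id int
AS
BEGIN
    SELECT * FROM dbo.Accounts WHERE Id = @Id;
END
GO
```

Because the typed parameter is an int, a non-numeric input is rejected by the server before the statement runs, which is the behaviour a Profiler trace of the hardened procedure will show.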
Source: https://stackoverflow.com/questions/40602427/can-windows-app-be-vulnerable-to-sql-injection