Make Vulnerable to SQL Injection

 
Greenhorn
Posts: 4
Hi guys. After testing a few SQL injections on my login page, it seems the SQL injection doesn't work, which is a good thing.
However, now I want to make my login page vulnerable to SQL injection, because one of my software security assignment tasks is to find weaknesses from the OWASP Top 10 in our own developed application.
Below is my login page code:

 
author & internet detective
Posts: 39399
Jack,
You need to have a SQL statement in your code in order to be vulnerable to SQL Injection. I know how to do this in Java, but not C#, so I googled.

It looks like the way to do that is with a SqlCommand class. Here's an example
 
Saloon Keeper
Posts: 10428
It looks like you're using Entity Framework, which creates SQL queries itself and protects you from SQL injection attacks.

You have a different problem though. You are storing your users' passwords in the database. Don't store passwords, encrypted or not.

It's easiest if you add ASP.NET Identity to your OWIN pipeline. If you don't have OWIN, get an implementation like Katana.
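
Added example, not code from any post in this thread: the two replies above contrasted in plain ADO.NET, with a login check that builds its SQL by string concatenation next to the same check using parameters. The `users` table, its column names, the sample row and the use of the Microsoft.Data.Sqlite package with an in-memory database (in place of SQL Server) are assumptions made so the demo runs offline.

```csharp
using System;
using System.Data.Common;
using Microsoft.Data.Sqlite; // NuGet package, assumed here in place of SQL Server

static class LoginDemo
{
    // VULNERABLE on purpose: user input is pasted into the SQL text,
    // so a quote character in the input changes the statement itself.
    static bool LoginConcatenated(DbConnection db, string user, string pwHash)
    {
        using var cmd = db.CreateCommand();
        cmd.CommandText = "SELECT COUNT(*) FROM users WHERE name = '" + user +
                          "' AND pw_hash = '" + pwHash + "'";
        return Convert.ToInt64(cmd.ExecuteScalar()) > 0;
    }

    // Hardened: the SQL text is constant and the input travels as parameters,
    // which is also what Entity Framework generates for LINQ queries.
    static bool LoginParameterized(DbConnection db, string user, string pwHash)
    {
        using var cmd = db.CreateCommand();
        cmd.CommandText = "SELECT COUNT(*) FROM users WHERE name = @name AND pw_hash = @hash";
        AddParam(cmd, "@name", user);
        AddParam(cmd, "@hash", pwHash);
        return Convert.ToInt64(cmd.ExecuteScalar()) > 0;
    }

    static void AddParam(DbCommand cmd, string name, string value)
    {
        var p = cmd.CreateParameter();
        p.ParameterName = name;
        p.Value = value;
        cmd.Parameters.Add(p);
    }

    static void Main()
    {
        using var db = new SqliteConnection("Data Source=:memory:");
        db.Open();
        using var setup = db.CreateCommand();
        // Constructed sample row; pw_hash is a placeholder string, not a real hash.
        setup.CommandText = "CREATE TABLE users(name TEXT, pw_hash TEXT);" +
                            "INSERT INTO users VALUES ('jack', 'constructed-hash');";
        setup.ExecuteNonQuery();
        string probe = "' OR '1'='1"; // constructed test input containing quotes
        // Concatenated: the probe becomes part of the WHERE clause and the check passes.
        Console.WriteLine(LoginConcatenated(db, "jack", probe));
        // Parameterized: the probe is compared as an ordinary string and the check fails.
        Console.WriteLine(LoginParameterized(db, "jack", probe));
    }
}
```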
 