  1. #1 (Join Date: Jan 2004, Posts: 145)

    Unanswered: SQL Injection techniques

    Hello,
    I apologize if this isn't the most appropriate place to ask but we have a SQL 2k server behind our website and we recently added a product review portion to our product pages. In the comments field in our db we are getting entries like:

    1. Online Pharmacy, [url=http://w
    2. iPb95U <a href="http://kmajvv (html tags are replaced in actual db)

    My question is why the cut off? I just converted the code from escaped quotes and string concat to a stored proc using ADO params. The first entry was submitted with the sproc and the second while the string concat was still being used. So the visitor must be purposely truncating the entry, but I'm curious as to why. Is it just to try and break the code?

    If anyone knows of a better place to post questions like these, maybe a security forum, please let me know.

    Thanks
    GG
    Code:
    On Error Goto Hell
    
    Hell:
        Msgbox("An error occurred, but was sent to Hell. You may continue.")

  2. #2 (Join Date: Jan 2003, Location: Massachusetts, Posts: 5,799, Provided Answers: 11)

    Data truncation is usually caused by a datatype that is too small to hold the value. Follow the data through all of the layers, and see if any of the variables were created too small. You can try to insert the string '1234567...' to see how long a datatype you are looking for.

  3. #3 (Join Date: Jan 2004, Posts: 145)
    MC,
    Thanks for the reply, but the field accepts a few thousand characters and there are many other comments that are much longer and not truncated.

    My first concern, when I was using string concat, was that there was actual data being submitted after the truncated text which was executing or just disappearing; but now that I have changed it to use a stored proc and am still getting the truncated string, it should mean the user is intentionally truncating the string.
    GG
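The two things the thread is circling, GG's switch from quote-escaping plus string concat to a stored proc with ADO parameters in #1 and #3, and MC's "push a known-length string through every layer" check in #2, as an added Python example that is not from the thread or from dbforums. It uses an in-memory sqlite3 database as a stand-in for the SQL 2000 server; the sample comments are constructed along the lines of the quoted entries, and the layer names and sizes in DEMO_LAYERS are invented for the demonstration. One caveat worth knowing while reading the probe: SQL Server cuts a value passed to a stored procedure parameter declared varchar(n) down to n characters without raising an error, so a too-small parameter inside the sproc looks exactly like a visitor truncating the text on purpose.

```python
import sqlite3

# Constructed sample comments, modelled on the entries quoted in the thread
# (bracket markup, HTML with double quotes, an apostrophe and a SQL comment marker).
SAMPLE_COMMENTS = [
    "Great product, works as described.",
    "Online Pharmacy, [url=http://example.invalid]buy[/url]",
    'iPb95U <a href="http://example.invalid">link</a>',
    "it's fine -- really",
]


def build_concat_sql(comment):
    """The old style from #1: escape quotes, then concatenate into the statement.
    Returned as text for inspection only; this example never executes it."""
    return "INSERT INTO reviews (comment) VALUES ('" + comment.replace("'", "''") + "')"


def insert_parameterized(conn, comment):
    """The new style from #1: the comment travels as a bound parameter, so quotes,
    markup and '--' inside it are stored as data and never parsed as SQL."""
    conn.execute("INSERT INTO reviews (comment) VALUES (?)", (comment,))


def round_trip(comments):
    """Insert every comment through the parameterized path and read it back.
    Returns one (sent_length, stored_length, intact) triple per comment."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reviews (id INTEGER PRIMARY KEY, comment TEXT)")
    for comment in comments:
        insert_parameterized(conn, comment)
    rows = conn.execute("SELECT comment FROM reviews ORDER BY id").fetchall()
    return [(len(sent), len(stored), sent == stored)
            for sent, (stored,) in zip(comments, rows)]


def varchar(n):
    """Constructed stand-in for a varchar(n) parameter or column that silently
    keeps only the first n characters."""
    return lambda s: s[:n]


# Constructed model of the layers a comment passes through on its way to the table.
# Sizes are invented; the undersized ADO parameter is the kind of mistake MC's
# advice in #2 is meant to surface.
DEMO_LAYERS = [
    ("form_field", lambda s: s),
    ("ado_parameter (Size=255)", varchar(255)),
    ("sproc_parameter varchar(4000)", varchar(4000)),
    ("column varchar(4000)", varchar(4000)),
]


def probe_layers(layers, probe_len=4000):
    """MC's check from #2: push a known-length '1234567...' string through each
    layer in order and report the first one that shortens it and the length it kept.
    Returns (None, probe_len) when no layer truncates."""
    value = "".join(str(i % 10) for i in range(probe_len))
    for name, layer in layers:
        out = layer(value)
        if len(out) < len(value):
            return name, len(out)
        value = out
    return None, len(value)


if __name__ == "__main__":
    for sent, stored, intact in round_trip(SAMPLE_COMMENTS):
        print(f"sent {sent} chars, stored {stored} chars, intact={intact}")
    print(build_concat_sql(SAMPLE_COMMENTS[3]))
    print(probe_layers(DEMO_LAYERS))
```

Reading the results: round_trip shows every comment coming back the same length it was sent, quotes and markup included, which is what a bound parameter buys you and why the link spam in the quoted entries is just stored text rather than anything the database acts on. probe_layers is the length test MC suggests; if it names a layer, that is the datatype to widen, and if it reports None while the stored value still comes back shorter than what the form received, the cut-off happened before the data reached the database, which is the client-side explanation GG arrives at in #3.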

  4. #4 (Join Date: Nov 2002, Location: Jersey, Posts: 10,322)
    Sure....use sprocs
    Brett
    8-)

    It's a Great Day for America everybody!

    I'm Good Once as I ever was

    The physical order of data in a database has no meaning.

  5. #5 (Join Date: Jul 2003, Location: San Antonio, TX, Posts: 3,662)
    Can you post the procedure that does the INSERT?
    "The data in a record depends on the Key to the record, the Whole Key, and
    nothing but the Key, so help me Codd."
