ASP SQL Injection Example Code

Wednesday

Aug182010

Wednesday, August 18, 2010 at 12:00PM

I had to search high and low for ASP code that was injectable to test some code out and I didn't want to loose the link or the code so here are both:

http://articles.sitepoint.com/article/sql-injection-attacks-safe

<%

dim userName, password, query
dim conn, rS

userName = Request.Form("userName")
password = Request.Form("password")

set conn = server.createObject("ADODB.Connection")
set rs = server.createObject("ADODB.Recordset")

query = "select count(*) from users where userName='" &
userName & "' and userPass='" & password & "'"

conn.Open "Provider=SQLOLEDB; Data Source=(local);
Initial Catalog=myDB; User Id=sa; Password="
rs.activeConnection = conn
rs.open query

if not rs.eof then
response.write "Logged In"
else
response.write "Bad Credentials"
end if

%>

Rob Fuller |

1 Comment |

View Printer Friendly Version

Email Article to Friend

Reader Comments (1)

thanks for the code mubix

September 14, 2010 |

k0n$0l3

Post a New Comment

Enter your information below to add a new comment.

My response is on my own website »

Author:

Author Email (optional):

Author URL (optional):

Post:

↓ | ↑

Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Room362.com