From 792e4b6d5f7e311c2219e839743c401640c93954 Mon Sep 17 00:00:00 2001
From: Orestes
Date: Wed, 14 Mar 2018 12:50:01 +0000
Subject: [PATCH] Fix typo and stuff

---
 SQL Injection Vulnerabilities.sql | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/SQL Injection Vulnerabilities.sql b/SQL Injection Vulnerabilities.sql
index 83a9d53..7bcae37 100644
--- a/SQL Injection Vulnerabilities.sql
+++ b/SQL Injection Vulnerabilities.sql
@@ -1,8 +1,8 @@
 -- https://github.com/bertwagner/SQLServer/blob/master/SQL%20Injection%20Vulnerabilities.sql
 -- How to search your database for SQL Injection vulnerabilities
--- It's very difficult to find with 100% accuracy vulnerabilities, but we can do our best
--- Searches stored procedures, udfs, views for parameter plus + sign for concatenation as well as exec or usp_exec
+-- It's very difficult to find vulnerabilities with 100% accuracy, but we can try our best.
+-- Searches stored procedures, udfs, views for parameter and "+" sign for concatenation, as well as "exec" or "usp_exec"
 -- check for things that don't use quotename
 -- Why is finding vulnerabilities important? Because at the end of the day, if data is lost or leaked, you are the one to blame.
@@ -33,14 +33,13 @@ WHERE
 CHAR(12),''),CHAR(13),''),CHAR(14),''),CHAR(160),''),' ','') LIKE '%+@%'
 AND
- ( -- Only if executes a dynamic string
+ ( -- Only if it executes a dynamic string
 r.Definition LIKE '%EXEC(%'
 OR r.Definition LIKE '%EXECUTE%'
 OR r.Definition LIKE '%sp_executesql%'
 );
-
--- Search for parameters that look like they could hvae injection values in them
+-- Search for parameters that look like they could have injection values in them!
 WITH XMLNAMESPACES (DEFAULT 'http://schemas.microsoft.com/sqlserver/2004/07/showplan')
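Review bot: The reworded header comment in the first hunk still says the search looks for "exec" or "usp_exec", but the predicate visible as context in the second hunk matches `'%EXEC(%'`, `'%EXECUTE%'` and `'%sp_executesql%'`, so the comment this commit rewrites misdescribes the filter it sits above. Since the line is being reworded anyway, it should name what the query actually checks, e.g. `-- Searches stored procedures, udfs, views for a parameter concatenated with "+", combined with EXEC(, EXECUTE or sp_executesql`. It would also help to state the heuristic's limit in the same header: after whitespace is stripped the `LIKE '%+@%'` test only fires when a `+` is directly followed by a parameter, so concatenation with the parameter as the left operand (`@p + '...'`) or built with CONCAT() is not reported, and a clean result should not be read as "no dynamic SQL". The second hunk appears to continue past the end of this excerpt.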