Member Avatar for davy_yg

How to prevent Illegel/ Logically Incorrect Queries?

Illegal/Logically Incorrect Queries

1)Original
URL:http://www.arch.polimi.it/eventi/?id_nav=886
2)SQLInjection:
http:/`/www.arch.polimi.it/eventi/?id_nav=8864'
3) Error message showed:
SELECT name FROM Employee WHERE id =8864\' from
the message error we can find out name of table and fields:
name; Employee; id. By the gained information attacker can
arrange more strict attacks

Should I hide the error message into 404 - Error instead of showing all of them? or is there any other method to prevent this?

  • 2 Contributors
  • 1 Reply
  • 427 Views
  • 12 Hours Discussion Span
  • Latest Post Latest Post by rproffitt
Member Avatar for rproffitt

@D, how many posts/discussions do you have open on SQLIA? My answer is too many.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.