Java SQL Injection
Hsi-Min Chen
Avoiding SQL injection
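1.
© 2016 Software Engineering Consortium
Avoiding SQL injection

Injecting malicious code fragments into an SQL query statement causes data to be leaked or modified.
Suppose the system uses the following SQL statement to query the database and identify legitimate users.
If any result is returned, authentication succeeds; otherwise authentication fails.

    SELECT * FROM db_user WHERE username='<USERNAME>' AND password='<PASSWORD>'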
2.
Suppose a malicious attacker can enter arbitrary values for <USERNAME> and <PASSWORD>.

Modifying <USERNAME> as follows passes the authentication check:

    validuser' OR '1'='1

    SELECT * FROM db_user WHERE username='validuser' OR '1'='1' AND password='<PASSWORD>'

Modifying <PASSWORD> as follows passes the authentication check:

    ' OR '1'='1

    SELECT * FROM db_user WHERE username='<USERNAME>' AND password='' OR '1'='1'
3.
Defective code example

    public void doPrivilegedAction(String username, char[] password)
            throws SQLException {
        Connection connection = getConnection();
        if (connection == null) {
            // Handle error
        }
        try {
            String pwd = hashPassword(password);
            // Flaw: username is concatenated directly into the SQL text
            String sqlString = "SELECT * FROM db_user WHERE username = '"
                    + username + "' AND password = '" + pwd + "'";
            Statement stmt = connection.createStatement();
            ResultSet rs = stmt.executeQuery(sqlString);
            // Authenticated; proceed
        } finally {
            try {
                connection.close();
            } catch (SQLException x) {
                // Forward to handler
            }
        }
    }
4.
Prevention: PreparedStatement

    String sqlString = "select * from db_user where username=? and password=?";
    PreparedStatement stmt = connection.prepareStatement(sqlString);
    // Values are bound as data and never parsed as SQL
    stmt.setString(1, username);
    stmt.setString(2, pwd);
    ResultSet rs = stmt.executeQuery();
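
The following is an added example, not code from the slides: it runs the two inputs from slide 2 against the concatenated query of slide 3 and the bound-parameter query of slide 4. It is written in Python with an in-memory SQLite database standing in for the Java/JDBC code so that it runs without a database driver; the sample accounts, the function names and the SHA-256 stand-in for `hashPassword` are assumptions.

```python
import hashlib
import sqlite3

def hash_password(password: str) -> str:
    # Stand-in for the slide's hashPassword(); unsalted SHA-256 is for the demo only.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db() -> sqlite3.Connection:
    # Constructed sample data: two accounts in an in-memory db_user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE db_user (username TEXT, password TEXT)")
    rows = [("validuser", hash_password("s3cret")), ("admin", hash_password("hunter2"))]
    conn.executemany("INSERT INTO db_user VALUES (?, ?)", rows)
    return conn

def login_concat(conn, username: str, pwd: str) -> list:
    # Flawed form (slide 3): the input becomes part of the SQL text.
    sql = ("SELECT * FROM db_user WHERE username = '" + username
           + "' AND password = '" + pwd + "'")
    return [row[0] for row in conn.execute(sql)]

def login_bound(conn, username: str, pwd: str) -> list:
    # Fixed form (slide 4): the ? placeholders carry the input as data only.
    sql = "select * from db_user where username=? and password=?"
    return [row[0] for row in conn.execute(sql, (username, pwd))]

def demo() -> dict:
    conn = make_db()
    wrong = hash_password("wrong-guess")
    user_input = "validuser' OR '1'='1"  # slide 2, <USERNAME> value
    pass_input = "' OR '1'='1"           # slide 2, <PASSWORD> value, placed unhashed
    return {
        # AND binds tighter than OR: only the named account's row matches.
        "concat_user": login_concat(conn, user_input, wrong),
        # The trailing OR '1'='1' is true for every row: the whole table matches.
        "concat_pass": sorted(login_concat(conn, "nobody", pass_input)),
        "bound_user": login_bound(conn, user_input, wrong),
        "bound_pass": login_bound(conn, "nobody", pass_input),
        "bound_valid": login_bound(conn, "validuser", hash_password("s3cret")),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The `<PASSWORD>` input only reaches the query when the value is placed into it unhashed, as in the slide 1 template; in the slide 3 code the password is hashed first, so the injectable parameter there is `username`.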