#3 SQL Injection — Secure Code Explain

--

🥺 Vulnerable Code

Here is an example of Java (JDBC servlet) code that is vulnerable to SQL injection through the id request parameter, which the code reads into productId:

// Fragment of a servlet handler: request and connection come from the
// surrounding servlet and its JDBC setup (java.sql.Statement / java.sql.ResultSet).
String productId = request.getParameter("id");

// The user-controlled value is concatenated straight into the SQL text,
// unquoted and unchecked: this is the injection point.
String query = "SELECT * FROM products WHERE id = " + productId;

Statement st = connection.createStatement();
ResultSet rs = st.executeQuery(query);

while (rs.next()) {
    String name = rs.getString("name");
    String description = rs.getString("description");
    // display product details
}

This code is vulnerable to SQL injection because it concatenates user input (the id parameter, held in productId) directly into the SQL query string. Because the value is inserted as a bare number rather than inside quotes, the attacker does not even need a quote character to break out of a string literal: a request such as ?id=1 OR 1=1 turns the statement into SELECT * FROM products WHERE id = 1 OR 1=1 and returns every product, and ?id=0 UNION SELECT ... can append a second SELECT that reads columns the page was never meant to show. In general the attacker can modify the query in unintended ways, adding extra clauses, UNION selects, or comment sequences, and the database will execute whatever results.

😎 Secure Code

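The post's own secure code is not included above. As an added example (not the author's code), the following Python script reproduces the vulnerable lookup against an in-memory sqlite3 database, shows the 1 OR 1=1 and UNION payloads succeeding against it, and then shows the hardened lookup that keeps the SQL text fixed and passes the id as a bound parameter, with an integer check in front of it. The products table, its rows and the internal_cost column are constructed for the demo. In Java the equivalent fix is connection.prepareStatement("SELECT * FROM products WHERE id = ?") followed by ps.setInt(1, Integer.parseInt(productId)), which both binds the value and rejects non-numeric input with a NumberFormatException.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the page's products table.

    internal_cost is a column the product page is not supposed to expose; it is
    here so the UNION payload has something worth leaking.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products ("
        "id INTEGER PRIMARY KEY, name TEXT, description TEXT, internal_cost REAL)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?)",
        [
            (1, "Keyboard", "Mechanical keyboard", 40.0),
            (2, "Mouse", "Wireless mouse", 12.5),
            (3, "Monitor", "27-inch display", 150.0),
        ],
    )
    return conn


def lookup_vulnerable(conn, product_id):
    """Mirrors the Java snippet: the request parameter is glued into the SQL text.

    Because id is not quoted, any text the attacker sends becomes SQL syntax.
    """
    query = "SELECT id, name, description FROM products WHERE id = " + product_id
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, product_id):
    """Hardened lookup: the SQL text is constant, the value travels as a bound
    parameter and can only ever be compared against id, never parsed as SQL."""
    return conn.execute(
        "SELECT id, name, description FROM products WHERE id = ?", (product_id,)
    ).fetchall()


def lookup_validated(conn, product_id):
    """Defence in depth: reject anything that is not an integer before the
    database is touched, then use the parameterized query."""
    try:
        pid = int(product_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    return lookup_parameterized(conn, pid)


if __name__ == "__main__":
    db = make_db()
    # Normal request: both paths return the single matching product.
    print(lookup_vulnerable(db, "2"))
    print(lookup_validated(db, "2"))

    # Tautology payload: the vulnerable path dumps every row.
    print(lookup_vulnerable(db, "1 OR 1=1"))

    # UNION payload: the vulnerable path leaks internal_cost in the description slot.
    print(lookup_vulnerable(db, "0 UNION SELECT id, name, internal_cost FROM products"))

    # Same payload against the parameterized query: compared as a literal, matches nothing.
    print(lookup_parameterized(db, "1 OR 1=1"))

    # And the validating wrapper refuses it before any SQL runs.
    try:
        lookup_validated(db, "1 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```

sqlite3's execute() refuses stacked statements, so a payload like 1; DROP TABLE products fails here even on the vulnerable path; on a JDBC driver or database that allows multiple statements per call it would not, which is one more reason not to rely on the database to save you. The parameterized query is the real fix; the integer check in front of it turns a silent empty result into an explicit error and keeps malformed input out of your logs and metrics.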
#securecode #securecodeseries #bugbounty

--

Written by Piyush Kumawat (securitycipher)

🔒 Freelance Penetration Tester 🔒 Penetration tester by day, bug bounty hunter by night. https://securitycipher.com/services