Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Safe or Unsafe stored procedure?
Posted by: dangerbear
Date: March 27, 2012 09:52AM

So, I know stored procedures are still vulnerable to SQLi if the parameters are concatenated, so I was wondering if the var1 variable in this string is vulnerable to injection:
AND ([var1] LIKE '%' + @var1 + '%')

Re: Safe or Unsafe stored procedure?
Posted by: Reiners
Date: March 30, 2012 07:41AM

yes (if you can taint it)

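An added example, not part of either post above: the same LIKE fragment in a static statement, in a string that is concatenated and executed, and in dynamic SQL that keeps the value as a parameter. It is T-SQL for SQL Server; the table dbo.Items and the procedure names are hypothetical, and only the fragment with @var1 comes from the thread.

```sql
-- Hypothetical table so the procedures below can be created and run.
CREATE TABLE dbo.Items (var1 NVARCHAR(100));
GO
-- 1) Static statement: the + builds a LIKE pattern, not SQL text.
--    @var1 is bound as data, so a quote in it cannot alter the statement.
CREATE PROCEDURE dbo.SearchStatic
    @var1 NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT var1 FROM dbo.Items
    WHERE ([var1] LIKE '%' + @var1 + '%');
END;
GO
-- 2) Unsafe: the fragment is pasted into a string and executed.
--    @var1 is now part of the SQL text; a value such as O'Brien
--    already unbalances the quotes and changes how the statement parses.
CREATE PROCEDURE dbo.SearchDynamicUnsafe
    @var1 NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT var1 FROM dbo.Items WHERE ([var1] LIKE ''%' + @var1 + N'%'')';
    EXEC (@sql);
END;
GO
-- 3) Dynamic SQL with the value kept as a parameter via sp_executesql.
--    The pattern is built outside the SQL text and LIKE wildcards in the
--    input are escaped so that % _ [ match literally.
CREATE PROCEDURE dbo.SearchDynamicSafe
    @var1 NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @pattern NVARCHAR(400) = N'%' +
        REPLACE(REPLACE(REPLACE(@var1, N'[', N'[[]'), N'%', N'[%]'), N'_', N'[_]')
        + N'%';
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT var1 FROM dbo.Items WHERE ([var1] LIKE @p)';
    EXEC sys.sp_executesql @sql, N'@p NVARCHAR(400)', @p = @pattern;
END;
GO
-- Constructed sample input containing a quote: 1 and 3 treat it as data.
EXEC dbo.SearchStatic      @var1 = N'O''Brien';
EXEC dbo.SearchDynamicSafe @var1 = N'O''Brien';
```

When reviewing a procedure, search its body for EXEC( and sp_executesql calls whose SQL string is built with + from a parameter; those are the places where the second form appears.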

