{"id":345,"date":"2007-10-27T08:59:21","date_gmt":"2007-10-27T07:59:21","guid":{"rendered":"http:\/\/soci.hu\/blog\/index.php\/2007\/10\/27\/sql-injection\/"},"modified":"2007-10-29T09:40:20","modified_gmt":"2007-10-29T08:40:20","slug":"sql-injection","status":"publish","type":"post","link":"https:\/\/soci.hu\/blog\/index.php\/2007\/10\/27\/sql-injection\/","title":{"rendered":"UPDATE: SQL Injection? – NEM"},"content":{"rendered":"

http:\/\/www.cegtudor.hu\/Alkategoria.aspx?varos=%C3%89rd&alkategoriaid=232&alkategorianev=kis%20%C3%A9s%20nagyker<\/p>\n

Kimenet:
\nInput string was not in a correct format.
\nDescription: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.<\/p>\n

Exception Details: System.FormatException: Input string was not in a correct format.<\/p>\n

Source Error:<\/p>\n

Line 28: mySqlCommand2.CommandText = “UPDATE kategoria SET latogatok = latogatok + 1 WHERE (kategoriaid LIKE @kategoriaid);”;
\nLine 29: mySqlCommand2.Parameters.Add(“@kategoriaid”, SqlDbType.Int);
\nLine 30: mySqlCommand2.Parameters[“@kategoriaid”].Value = Convert.ToInt32(LabelKid.Text);
\nLine 31: mySqlCommand2.ExecuteNonQuery();
\nLine 32: mySqlConnection2.Close();<\/p>\n

Fura, mik vannak m\u00e9g a mai vil\u00e1gban. Persze, mivel a param\u00e9ter int, nem egyszer\u0171 a dolog, de val\u00f3sz\u00edn\u0171leg a t\u00f6bbi r\u00e9sz is \u00edgy van programozva.<\/p>\n

UPDATE: baroms\u00e1got besz\u00e9ltem. Param\u00e9teres a lek\u00e9rdez\u00e9s, teljesen j\u00f3l van megcsin\u00e1lva, \u00edgy nem lehet injekt\u00e1lni. Eln\u00e9z\u00e9st, hogy pelleng\u00e9rre \u00e1ll\u00edtottam, sz\u00f3lok az ikreknek, hogy adjanak t\u00f6bb id\u0151t aludni, addig is, nem blogolok t\u00f6bb h\u00fclyes\u00e9get. :) Sorry.<\/p>\n

Egy, ami nem sz\u00e9p, hogy debug m\u00f3dban van a k\u00f3d, \u00e9s a r\u00e9szletes hiba\u00fczenetek l\u00e1tszanak kifel\u00e9. Ez is kiindul\u00e1si alap lehet egy hacker r\u00e9sz\u00e9re.<\/p>\n","protected":false},"excerpt":{"rendered":"

http:\/\/www.cegtudor.hu\/Alkategoria.aspx?varos=%C3%89rd&alkategoriaid=232&alkategorianev=kis%20%C3%A9s%20nagyker Kimenet: Input string was not in a correct format. Description: An unhandled exception occurred during the execution of the current web…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,14,4,22],"tags":[],"class_list":["post-345","post","type-post","status-publish","format-standard","hentry","category-net","category-aspnet","category-szakmai-elet","category-security"],"_links":{"self":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts\/345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=345"}],"version-history":[{"count":0,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts\/345\/revisions"}],"wp:attachment":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}