spring.application.admin.enabled μμ±μ μ§μ νμ¬ μμ© νλ‘κ·Έλ¨μ κ΄λ¦¬ κ΄λ ¨ κΈ°λ₯μ νμ±νν μ μμ΅λλ€. μ΄λ κ² νλ©΄ MBeanServer νλ«νΌμμ SpringApplicationAdminMXBeanμ΄ λ
ΈμΆλ©λλ€. κ°λ°μλ μ΄ κΈ°λ₯μ μ¬μ©νμ¬ μ격μΌλ‘ Spring Boot μμ© νλ‘κ·Έλ¨μ κ΄λ¦¬ν μ μμ§λ§ μ΄ κΈ°λ₯μ μ격 JMX λμ μ ννλ‘ μΆκ° 곡격 νλ©΄μ λ
ΈμΆν©λλ€. MBeanServerμ ꡬμ±μ λ°λΌ MBeanμ λ‘컬 λλ μ격μΌλ‘ λ
ΈμΆλ μ μμΌλ©° μΈμ¦μ μꡬνκ±°λ μꡬνμ§ μμ μ μμ΅λλ€. μ΅μ
μ κ²½μ° κ³΅κ²©μλ μΈμ¦ μμ΄ μμ© νλ‘κ·Έλ¨μ μ’
λ£νλ κ²μ ν¬ν¨νμ¬ μ격μΌλ‘ μμ© νλ‘κ·Έλ¨μ κ΄λ¦¬ν μ μμ΅λλ€. μ΅μμ κ²½μ° μλΉμ€λ μλ²λ₯Ό 보νΈνλ λ° μ¬μ©λλ μ격 μ¦λͺ
λ§νΌ κ°λ ₯ν΄μ§λλ€.spring-boot-devtoolsλ₯Ό νμ±ννλ κ²μ 보μ μνμ
λλ€. μ΄μ λ°°ν¬μμλ μ§μμ νμ±ννλ©΄ μ λ©λλ€."
endpoints.shutdown.enabled=true
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.0"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" metadata-complete="true">
...
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>false</param-value>
</context-param>
...
</web-app>
<http auto-config="true">
...
<intercept-url pattern="/app/admin" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="permitAll" />
</http>
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
<http auto-config="true">
...
<headers disabled="true"/>
...
</http>
Ant κ²½λ‘ μμΌλ‘ λμ λ³΄νΈ λ°©λ²μ μ§μ νμ΅λλ€./admin" Ant κ²½λ‘ μκ³Ό μΌμΉνλ λͺ¨λ λμ μ μ‘μΈμ€νλ €λ©΄ κ΄λ¦¬μ κΆνμ΄ μμ΄μΌ ν©λλ€.
<http auto-config="true">
...
<intercept-url pattern="/app/admin" access="ROLE_ADMIN" />
...
<intercept-url pattern="/**" access="permitAll" />
</http>
Accept ν€λλ₯Ό μ¬μ©νκ±°λ, νμ₯μλ₯Ό ν΅ν΄ μνλ μ½ν
νΈ μ νμ μ§μ νμ¬ λ¦¬μμ€λ₯Ό μνλ λ°©μμΌλ‘ μ§μ ν μ μμ΅λλ€. μλ₯Ό λ€μ΄ /admin.jsonμΌλ‘ μμ²μ λ³΄λ΄ /admin 리μμ€λ₯Ό JSON λ¬Έμλ‘ μμ²ν μ μμ΅λλ€.Ant κ²½λ‘ μμ μ½ν
νΈ νμ νμ₯μ μ€λͺ
νμ§ μμΌλ―λ‘ μμ²μ΄ /admin μκ³Ό μΌμΉνμ§ μκ³ λμ μ΄ λ³΄νΈλμ§ μμ΅λλ€.anyRequest(). anyRequest() μ νκΈ°λ₯Ό μ¬μ©νλ ν΄λ°± κ²μ¬λ₯Ό μ μνμ§ λͺ»νλ©΄ λμ μ΄ λ³΄νΈλμ§ μμ μ μμ΅λλ€.
<http auto-config="true">
<intercept-url pattern="/app/admin" access="ROLE_ADMIN" />
<intercept-url pattern="/" access="permitAll" />
</http>
Example 1μμ νμ¬ λλ λ―Έλμ λμ (μ: /admin/panel)μ΄ λ³΄νΈλμ§ μμ μ μμ΅λλ€.HttpFirewallμ FilterChainProxyμ ν¬ν¨νμ¬ ν΄λΉ μμ²μ μ νν μ μμΌλ©°, νν° μ²΄μΈμ ν΅ν΄ μμ²μ 보λ΄κΈ° μ μ μ²λ¦¬ν©λλ€. Spring Securityλ κΈ°λ³Έμ μΌλ‘ StrictHttpFirewall ꡬνμ μ¬μ©ν©λλ€.%2F λ° ; λ¬Έμλ₯Ό νμ©ν©λλ€.
<beans:bean id="httpFirewall" class="org.springframework.security.web.firewall.StrictHttpFirewall" p:allowSemicolon="true" p:allowUrlEncodedSlash="true"/>
AUTHID CURRENT_USER ν¨ν€μ§μμ μλ³μλ λ¨Όμ νμ¬ μ¬μ©μμ μ€ν€λ§μ λν΄ νμΈλ©λλ€. κ·Έλ¬λ©΄ μλ³μκ° μν΄ μλ μ€ν€λ§λ₯Ό μ½λμ μ μμκ° λͺ
μμ μΌλ‘ λ°νμ§ μλ κ²½μ° μκΈ°μΉ λͺ»ν λμμ΄ λ°μν μ μμ΅λλ€.SYS.PERMISSIONSμ λν μ½κΈ° κΆνλ§ μμΌλ©° μ μλ κΆνμ μμ ν μ μμ΅λλ€.
CREATE or REPLACE FUNCTION check_permissions(
p_name IN VARCHAR2, p_action IN VARCHAR2)
RETURN BOOLEAN
AUTHID CURRENT_USER
IS
r_count NUMBER;
perm BOOLEAN := FALSE;
BEGIN
SELECT count(*) INTO r_count FROM PERMISSIONS
WHERE name = p_name AND action = p_action;
IF r_count > 0 THEN
perm := TRUE;
END IF;
RETURN perm;
END check_permissions
check_permissions ν¨μλ₯Ό νΈμΆνλ μ¬μ©μκ° ν΄λΉ μ€ν€λ§μμ PERMISSIONS ν
μ΄λΈμ μ μνλ κ²½μ°, λ°μ΄ν°λ² μ΄μ€μμ μλ³μλ λ‘컬 ν
μ΄λΈμ μ°Έμ‘°ν©λλ€. μ¬μ©μλ μ ν
μ΄λΈμ λν μ°κΈ° κΆνμ΄ μμΌλ©° μλλ μλ κΆνμ μ»λλ‘ μμ ν μ μμ΅λλ€.
...
v_account = request->get_form_field( 'account' ).
v_reference = request->get_form_field( 'ref_key' ).
CONCATENATE `user = '` sy-uname `'` INTO cl_where.
IF v_account IS NOT INITIAL.
CONCATENATE cl_where ` AND account = ` v_account INTO cl_where SEPARATED BY SPACE.
ENDIF.
IF v_reference IS NOT INITIAL.
CONCATENATE cl_where "AND ref_key = `" v_reference "`" INTO cl_where.
ENDIF.
SELECT *
FROM invoice_items
INTO CORRESPONDING FIELDS OF TABLE itab_items
WHERE (cl_where).
...
SELECT *
FROM invoice_items
INTO CORRESPONDING FIELDS OF TABLE itab_items
WHERE user = sy-uname
AND account = <account>
AND ref_key = <reference>.
"abc` OR MANDT NE `+" λ¬Έμμ΄μ μ
λ ₯νκ³ v_accountμ '1000' λ¬Έμμ΄μ μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΅λλ€.
SELECT *
FROM invoice_items
INTO CORRESPONDING FIELDS OF TABLE itab_items
WHERE user = sy-uname
AND account = 1000
AND ref_key = `abc` OR MANDT NE `+`.
OR MANDT NE `+` 쑰건μ μΆκ°ν¨μΌλ‘μ¨ ν΄λΌμ΄μΈνΈ νλλ 리ν°λ΄ +μ λμΌν μ μμΌλ―λ‘ WHERE μ μ΄ νμ trueκ° λ©λλ€. λ°λΌμ 쿼리λ λ€μκ³Ό κ°μ ν¨μ¬ λ¨μν 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM invoice_items
INTO CORRESPONDING FIELDS OF TABLE itab_items.
invoice_items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.
PARAMETERS: p_street TYPE string,
p_city TYPE string.
Data: v_sql TYPE string,
stmt TYPE REF TO CL_SQL_STATEMENT.
v_sql = "UPDATE EMP_TABLE SET ".
"Update employee address. Build the update statement with changed details
IF street NE p_street.
CONCATENATE v_sql "STREET = `" p_street "`".
ENDIF.
IF city NE p_city.
CONCATENATE v_sql "CITY = `" p_city "`".
ENDIF.
l_upd = stmt->execute_update( v_sql ).
"ABC` SALARY = `1000000" κ°μ λ¬Έμμ΄μ μ
λ ₯νλ€λ©΄ μμ© νλ‘κ·Έλ¨μ λ³κ²½λ μκΈμΌλ‘ λ°μ΄ν°λ² μ΄μ€λ₯Ό μ
λ°μ΄νΈνλλ‘ νμ©ν©λλ€.
...
var params:Object = LoaderInfo(this.root.loaderInfo).parameters;
var username:String = String(params["username"]);
var itemName:String = String(params["itemName"]);
var query:String = "SELECT * FROM items WHERE owner = " + username + " AND itemname = " + itemName;
stmt.sqlConnection = conn;
stmt.text = query;
stmt.execute();
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
ownerκ° μΌμΉνλ νλͺ©λ§ νμνλλ‘ μ νν©λλ€.
...
string userName = ctx.getAuthenticatedUserName();
string query = "SELECT * FROM items WHERE owner = '"
+ userName + "' AND itemname = '"
+ ItemName.Text + "'";
sda = new SqlDataAdapter(query, conn);
DataTable dt = new DataTable();
sda.Fill(dt);
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'); DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
μμ 2:SQLiteμμ λ€μ μ½λλ₯Ό μ¬μ©νλ κ²½μ°μλ μ μ¬ν κ²°κ³Όλ₯Ό μ»μ μ μμ΅λλ€.
...
ctx.getAuthUserName(&userName); {
CString query = "SELECT * FROM items WHERE owner = '"
+ userName + "' AND itemname = '"
+ request.Lookup("item") + "'";
dbms.ExecuteSQL(query);
...
...
sprintf (sql, "SELECT * FROM items WHERE owner='%s' AND itemname='%s'", username, request.Lookup("item"));
printf("SQL to execute is: \n\t\t %s\n", sql);
rc = sqlite3_exec(db,sql, NULL,0, &err);
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'); DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
...
ACCEPT USER.
ACCEPT ITM.
MOVE "SELECT * FROM items WHERE owner = '" TO QUERY1.
MOVE "' AND itemname = '" TO QUERY2.
MOVE "'" TO QUERY3.
STRING
QUERY1, USER, QUERY2, ITM, QUERY3 DELIMITED BY SIZE
INTO QUERY
END-STRING.
EXEC SQL
EXECUTE IMMEDIATE :QUERY
END-EXEC.
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itmμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό 보μ¬μ€λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
...
<cfquery name="matchingItems" datasource="cfsnippets">
SELECT * FROM items
WHERE owner='#Form.userName#'
AND itemId=#Form.ID#
</cfquery>
...
SELECT * FROM items
WHERE owner = <userName>
AND itemId = <ID>;
Form.IDμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° Form.IDμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemId = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ hackerμΈ κ³΅κ²©μκ° Form.IDμ λ¬Έμμ΄ "hacker'); DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'hacker'
AND itemId = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'hacker'
AND itemId = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
...
final server = await HttpServer.bind('localhost', 18081);
server.listen((request) async {
final headers = request.headers;
final userName = headers.value('userName');
final itemName = headers.value('itemName');
final query = "SELECT * FROM items WHERE owner = '"
+ userName! + "' AND itemname = '"
+ itemName! + "'";
db.query(query);
}
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ name' OR 'a'='aλ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°λκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ λ¨μν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
...
rawQuery := request.URL.Query()
username := rawQuery.Get("userName")
itemName := rawQuery.Get("itemName")
query := "SELECT * FROM items WHERE owner = " + username + " AND itemname = " + itemName + ";"
db.Exec(query)
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ name' OR 'a'='aλ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°λκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ λ¨μν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'; DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
...
String userName = ctx.getAuthenticatedUserName();
String itemName = request.getParameter("itemName");
String query = "SELECT * FROM items WHERE owner = '"
+ userName + "' AND itemname = '"
+ itemName + "'";
ResultSet rs = stmt.execute(query);
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
Example 1μ Android νλ«νΌμ λ§κ² μ‘°μ ν©λλ€.
...
PasswordAuthentication pa = authenticator.getPasswordAuthentication();
String userName = pa.getUserName();
String itemName = this.getIntent().getExtras().getString("itemName");
String query = "SELECT * FROM items WHERE owner = '"
+ userName + "' AND itemname = '"
+ itemName + "'";
SQLiteDatabase db = this.openOrCreateDatabase("DB", MODE_PRIVATE, null);
Cursor c = db.rawQuery(query, null);
...
...
var username = document.form.username.value;
var itemName = document.form.itemName.value;
var query = "SELECT * FROM items WHERE owner = " + username + " AND itemname = " + itemName + ";";
db.transaction(function (tx) {
tx.executeSql(query);
}
)
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
...
$userName = $_SESSION['userName'];
$itemName = $_POST['itemName'];
$query = "SELECT * FROM items WHERE owner = '$userName' AND itemname = '$itemName';";
$result = mysql_query($query);
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
procedure get_item (
itm_cv IN OUT ItmCurTyp,
usr in varchar2,
itm in varchar2)
is
open itm_cv for ' SELECT * FROM items WHERE ' ||
'owner = '''|| usr || '''' ||
' AND itemname = ''' || itm || '''';
end get_item;
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itmμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό 보μ¬μ€λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
...
userName = req.field('userName')
itemName = req.field('itemName')
query = "SELECT * FROM items WHERE owner = ' " + userName +" ' AND itemname = ' " + itemName +"';"
cursor.execute(query)
result = cursor.fetchall()
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
...
userName = getAuthenticatedUserName()
itemName = params[:itemName]
sqlQuery = "SELECT * FROM items WHERE owner = '#{userName}' AND itemname = '#{itemName}'"
rs = conn.query(sqlQuery)
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.
...
id = params[:id]
itemName = Mysql.escape_string(params[:itemName])
sqlQuery = "SELECT * FROM items WHERE id = #{userName} AND itemname = '#{itemName}'"
rs = conn.query(sqlQuery)
...
SELECT * FROM items WHERE id=<id> AND itemname = <itemName>;
itemName λ΄λΆμ λ¨μΌ μΈμ©μ μ§μ νμ¬ SQL injection μ·¨μ½μ μ λ°©μ§ν κ²μ λ³Ό μ μμ΅λλ€. νμ§λ§ Rubyλ μ μ μΌλ‘ μ ν μ§μ λλ μΈμ΄κ° μλκΈ° λλ¬Έμ, idκ° λͺ κ°μ§ λ³νμ κ°μ§λ μ μμΌ κ²μΌλ‘ μμνλλΌλ μ¬μ©μ μ
λ ₯μμ ν λΉλ λ μ«μλΌλ 보μ₯μ΄ μμ΅λλ€. idκ° μ€μ λ‘ μ«μμΈμ§ κ²μ¬νμ§ μκΈ° λλ¬Έμ 곡격μκ° id κ°μ 1 OR id!=1--λ‘ λ³κ²½ν μ μλ€λ©΄ μ΄μ SQL 쿼리λ λ€μκ³Ό κ°μ΄ λ©λλ€.
SELECT * FROM items WHERE id=1 OR id!=1-- AND itemname = 'anyValue';
SELECT * FROM items WHERE id=1 OR id!=1;
idμ κ°μ΄ 1μ΄κ±°λ 1μ΄ μλ λͺ¨λ κ²μ μ ννλλ° μ΄λ λΉμ°ν ν
μ΄λΈ λ΄μ λͺ¨λ κ²μ ν΄λΉν©λλ€.
def doSQLQuery(value:String) = Action.async { implicit request =>
val result: Future[Seq[User]] = db.run {
sql"select * from users where name = '#$value'".as[User]
}
...
}
SELECT * FROM users
WHERE name = <userName>
userNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° userNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM users
WHERE name = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°λκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ λ¨μν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM users;
users ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.ownerκ° νμ¬ μΈμ¦λ μ¬μ©μμ μ΄λ¦κ³Ό μΌμΉνλ νλͺ©μΌλ‘ μ νν©λλ€.
...
let queryStatementString = "SELECT * FROM items WHERE owner='\(username)' AND itemname='\(item)'"
var queryStatement: OpaquePointer? = nil
if sqlite3_prepare_v2(db, queryStatementString, -1, &queryStatement, nil) == SQLITE_OK {
if sqlite3_step(queryStatement) == SQLITE_ROW {
...
}
}
...
SELECT * FROM items
WHERE owner = '<userName>'
AND itemname = '<itemName>'
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°λκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ λ¨μν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'); DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
...
username = Session("username")
itemName = Request.Form("itemName")
strSQL = "SELECT * FROM items WHERE owner = '"& userName &"' AND itemname = '" & itemName &"'"
objRecordSet.Open strSQL, strConnect, adOpenDynamic, adLockOptimistic, adCmdText
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
ownerκ° μΌμΉνλ νλͺ©λ§ νμνλλ‘ μ νν©λλ€.
...
string userName = ctx.getAuthenticatedUserName();
string queryString = "SELECT * FROM items WHERE owner = '"
+ userName + "' AND itemname = '"
+ ItemName.Text + "'";
SimpleQuery<Item> queryObject = new SimpleQuery(queryString);
Item[] items = (Item[])queryObject.Execute(query);
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.
...
String userName = ctx.getAuthenticatedUserName();
String itemName = request.getParameter("itemName");
String query = "FROM items WHERE owner = '"
+ userName + "' AND itemname = '"
+ itemName + "'";
List items = sess.createQuery(query).list();
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
# λ¬Έμλ₯Ό μ¬μ©νμ¬ μ μλ©λλ€.
<select id="getItems" parameterClass="MyClass" resultClass="items">
SELECT * FROM items WHERE owner = #userName#
</select>
# λ¬Έμλ iBatisκ° userName λ³μλ₯Ό μ¬μ©νμ¬ λ§€κ° λ³μνλ 쿼리λ₯Ό λ§λλ κ²μ λνλ
λλ€. κ·ΈλΏλ§ μλλΌ iBatisλ $ λ¬Έμλ₯Ό μ¬μ©νμ¬ λ³μλ₯Ό SQL λ¬Έμ μ§μ μ°κ²°νλ κ²λ νμ©ν¨μΌλ‘μ¨ SQL Injectionμ κΈ°νλ₯Ό μ 곡ν©λλ€.
<select id="getItems" parameterClass="MyClass" resultClass="items">
SELECT * FROM items WHERE owner = #userName# AND itemname = '$itemName$'
</select>
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ name' OR 'a'='aλ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°λκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ λ¨μν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
...
String userName = ctx.getAuthenticatedUserName();
String itemName = request.getParameter("itemName");
String sql = "SELECT * FROM items WHERE owner = '"
+ userName + "' AND itemname = '"
+ itemName + "'";
Query query = pm.newQuery(Query.SQL, sql);
query.setClass(Person.class);
List people = (List)query.execute();
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
ownerκ° μΌμΉνλ νλͺ©λ§ νμνλλ‘ μ νν©λλ€.
...
string userName = ctx.getAuthenticatedUserName();
string query = "SELECT * FROM items WHERE owner = '"
+ userName + "' AND itemname = '"
+ ItemName.Text + "'";
var items = dataContext.ExecuteCommand<Item>(query);
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'); DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
# λ¬Έμλ₯Ό μ¬μ©νμ¬ μ μλ©λλ€.
<select id="getItems" parameterType="domain.company.MyParamClass" resultType="MyResultMap">
SELECT *
FROM items
WHERE owner = #{userName}
</select>
# λ¬Έμλ MyBatisκ° userName λ³μλ₯Ό μ¬μ©νμ¬ λ§€κ° λ³μνλ 쿼리λ₯Ό λ§λλ κ²μ λνλ
λλ€. λΏλ§ μλλΌ MyBatisλ $ λ¬Έμλ₯Ό μ¬μ©νμ¬ λ³μλ₯Ό SQL λ¬Έμ μ§μ μ°κ²°νλ κ²λ νμ©ν¨μΌλ‘μ¨ SQL Injectionμ κΈ°νλ₯Ό μ 곡ν©λλ€.
<select id="getItems" parameterType="domain.company.MyParamClass" resultType="MyResultMap">
SELECT *
FROM items
WHERE owner = #{userName}
AND itemname = ${itemName}
</select>
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ name' OR 'a'='aλ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ WHERE μ μ΄ νμ trueλ‘ νκ°λκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ λ¨μν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'); DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
ownerκ° μΌμΉνλ νλͺ©λ§ νμνλλ‘ μ νν©λλ€.
...
string userName = ctx.GetAuthenticatedUserName();
string query = "SELECT * FROM items WHERE owner = '"
+ userName + "' AND itemname = '"
+ ItemName.Text + "'";
List items = sess.CreateSQLQuery(query).List();
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
ItemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° ItemNameμ λ¬Έμμ΄ "name' OR 'a'='a"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°νκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ κ°λ¨ν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.
SELECT * FROM items;
items ν
μ΄λΈμ μ μ₯λ λͺ¨λ νλͺ©μ λ°νν©λλ€.Example 1μμ μμ±νμ¬ μνν 쿼리μ λ λ€λ₯Έ μ
μ± κ°μ΄ μ λ¬λ λμ κ²°κ³Όλ₯Ό κ²ν ν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° ItemNameμ λ¬Έμμ΄ "name'; DELETE FROM items; --"λ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ λ κ°μ μΏΌλ¦¬κ° λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
--'
Example 1μμ λ³Έ κ²κ³Ό μ μ¬ν μμμλ₯Ό μ¬μ©νλ©΄ λλΆλΆμ κ³΅κ²©μ΄ ν¨κ³Όλ₯Ό κ±°λ μ μμ΅λλ€. 곡격μκ° λ¬Έμμ΄ "name'; DELETE FROM items; SELECT * FROM items WHERE 'a'='a"λ₯Ό μ
λ ₯νμ¬ λ€μ μΈ κ°μ§ μ ν¨ν λ¬Έμ λ§λλ κ²½μ°μ
λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';
ownerκ° νμ¬ μΈμ¦λ μ¬μ©μμ μ΄λ¦κ³Ό μΌμΉνλ νλͺ©μΌλ‘ μ νν©λλ€.
...
string userName = identity.User;
string itemName = apiGatewayProxyRequest.QueryStringParameters['item'];
string statement = $"SELECT * FROM items WHERE owner = '{userName}' AND itemname = '{itemName}'";
var executeStatementRequest = new ExecuteStatementRequest();
executeStatementRequest.Statement = statement;
var executeStatementResponse = await dynamoDBClient.ExecuteStatementAsync(executeStatementRequest);
return displayResults(executeStatementResponse.Items);
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ name' OR 'a'='aλ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°λκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ λ¨μν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.ownerκ° νμ¬ μΈμ¦λ μ¬μ©μμ μ΄λ¦κ³Ό μΌμΉνλ νλͺ©μΌλ‘ μ νν©λλ€.
...
String userName = identity.getUser();
String itemName = apiGatewayProxyRequest.getQueryStringParameters('item');
String statement = String.format("SELECT * FROM items WHERE owner = '%s' AND itemname = '%s'", userName, itemName);
ExecuteStatementRequest executeStatementRequest = new ExecuteStatementRequest();
executeStatementRequest.setStatement(statement);
ExecuteStatementResponse executeStatementResponse = dynamoDBClient.executeStatement(executeStatementRequest);
return displayResults(executeStatementResponse.items());
...
SELECT * FROM items
WHERE owner = <userName>
AND itemname = <itemName>;
itemNameμ μμλ°μ΄νκ° λ€μ΄ μμ§ μμ κ²½μ°μλ§ μ ννκ² λμν©λλ€. μ¬μ©μ μ΄λ¦μ΄ wileyμΈ κ³΅κ²©μκ° itemNameμ λ¬Έμμ΄ name' OR 'a'='aλ₯Ό μ
λ ₯νλ©΄ 쿼리λ λ€μκ³Ό κ°μ΄ μμ±λ©λλ€.
SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
OR 'a'='a' 쑰건μ μΆκ°νλ©΄ where μ μ΄ νμ trueλ‘ νκ°λκΈ° λλ¬Έμ 쿼리λ ν¨μ¬ λ¨μν λ€μ 쿼리μ λ
Όλ¦¬μ μΌλ‘ λμΌνκ² λ©λλ€.