SQL Server Stored Procedures: Vulnerabilities?

General technological topics without their own forum go here

SQL Server Stored Procedures: Vulnerabilities?

Post by m1k3st4rr on Wed Jun 16, 2010 7:08 pm
([msg=40203]see SQL Server Stored Procedures: Vulnerabilities?[/msg])

I just started learning about server stored procedures, and I am curious to know what sort of injection attacks they are vulnerable to.

For instance, say I have a website:

http://www.myurl.com/param1.param2.param3.html

and the following code is executed on the server:
Code: Select all
exec sp_MyFunction param1, param2, param3


Are there any ways to force the function to execute abnormally? For example, could the function be run several times with more than one set of parameters or multiple entries for a given parameter?

MyFunction cleans input so SQL commands like union, *, etc. are not a problem.
m1k3st4rr
New User
New User
 
Posts: 8
Joined: Fri Jun 04, 2010 12:25 pm
Blog: View Blog (0)


Return to General

Who is online

Users browsing this forum: No registered users and 0 guests