SQL Injection in a Non-Web Application

Question

Possible Duplicate:
Non-web SQL Injection

Does someone know of a good example of a SQL Injection vulnerability that isn't in a web application? What is the user input for this attack? I am looking for a real vulnerability, not speculation. The following picture is an example of a speculated attack.

alt text http://leonardoanceschi.files.wordpress.com/2008/05/mini.jpg

Is this car going to crash into the computer that is running the app? I don't know if there's protection against that. /ducks — Vivin Paliath, Apr 26 '10 at 16:39
why do you think there is a difference between web and non-web application? — Your Common Sense, Apr 26 '10 at 16:39

score 11 · Accepted Answer · answered Apr 26 '10 at 16:40

11

sql injection is available wherever sql queries are generated from input without any escaping of sensitive chars (eg '). therefore if you have a desktop app that takes a text input field and generates a sql query string using it, you could potentially have an injection attack vector.

it's got nothing to do with being in a web context.

answered Apr 26 '10 at 16:40

chris

9,745
1
27
27

Unfortunatlly this is not a vulnerability if the user has access to the database locally, such as a sqlite file. Perhaps if this was a kiosk. – rook Apr 26 '10 at 16:44
1

can you please clarify that? if the user has full access to the db then they probably won't need to use such a long-winded method to 'hack' the db, but that doesn't negate the fact that such a vulnerablity could still exist? – chris Apr 26 '10 at 16:46
What is a sql injection vulnerability to someone who already has administrative access to the database? Its the principal of the weakest link. I gave you a +1. – rook Apr 26 '10 at 16:52

score 5 · Answer 2 · edited Feb 08 '17 at 14:07

5

Well, I'm not sure this quite counts as real, but it seems reasonable to suppose that something not entirely unlike this could happen with a a field other than "name":

edited Feb 08 '17 at 14:07

Community

1
1

answered May 10 '11 at 04:32

SamB

9,039
5
49
56

score 4 · Answer 3 · answered Apr 26 '10 at 16:43

SQL Injection is more visible in web applications because they're public, but it has nothing to do with them in particular. Any time you don't parameterize your SQL queries, you're at risk for an injection attack.

If your console or WinForms application takes a username and selects from a database to see if the user exists, and it's done by concatenating strings to make a SQL query, you have the same risk. Always parameterize or properly escape your SQL queries!

SQL Injection in a Non-Web Application

3 Answers3