CRV2 SQLInjJava

=JAVA SQL Injections=

SQL injection occurs when input to a web application is not validated or sanitized before it is used in a query sent to the back-end database. An attacker exploits this by embedding SQL syntax in her or his input so that the database executes a statement the developer never intended, for example returning data the user is not authorized to see or bypassing the authentication and authorization logic programmed into the web application.

An example of vulnerable Java code (Livshits and Lam, 2005):

```java
HttpServletRequest request = ...;
String userName = request.getParameter("name");
Connection con = ...;
// The request parameter is concatenated directly into the SQL text,
// so whatever the client sends becomes part of the statement.
String query = "SELECT * FROM Users WHERE name = '" + userName + "'";
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery(query);
```
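The following is an added example, not code from the original page or from Livshits and Lam. It puts the concatenated-query pattern above next to its PreparedStatement counterpart and runs both against a small in-memory table so the effect of a crafted input can be seen directly. It assumes a JDBC driver is on the classpath (the `jdbc:h2:mem:demo` URL below targets the H2 driver; any JDBC driver with an equivalent URL works). The table, the rows and the `' OR '1'='1` payload are constructed for the demonstration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class SqlInjectionDemo {

    // Vulnerable: attacker-controlled text is spliced into the SQL string,
    // so quote characters in the input change the structure of the query.
    static boolean vulnerableLogin(Connection con, String userName, String password)
            throws SQLException {
        String query = "SELECT * FROM Users WHERE name = '" + userName
                + "' AND password = '" + password + "'";
        try (Statement st = con.createStatement();
             ResultSet rs = st.executeQuery(query)) {
            return rs.next(); // true if any row matched
        }
    }

    // Fixed: the SQL text is constant; the values are bound as parameters and
    // are never parsed as SQL, whatever characters they contain.
    static boolean safeLogin(Connection con, String userName, String password)
            throws SQLException {
        String query = "SELECT * FROM Users WHERE name = ? AND password = ?";
        try (PreparedStatement ps = con.prepareStatement(query)) {
            ps.setString(1, userName);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: the H2 JDBC driver is on the classpath. The plaintext
        // password column is a simplification for the demo; real code stores a hash.
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = con.createStatement()) {
                st.execute("CREATE TABLE Users (name VARCHAR(64), password VARCHAR(64))");
                st.execute("INSERT INTO Users VALUES ('alice', 's3cret')");
            }

            // Constructed payload: turns the WHERE clause into
            //   name = 'alice' AND password = '' OR '1'='1'
            // which is always true because AND binds tighter than OR.
            String payload = "' OR '1'='1";

            System.out.println("vulnerable, wrong password: "
                    + vulnerableLogin(con, "alice", "wrong"));
            System.out.println("vulnerable, injected:       "
                    + vulnerableLogin(con, "alice", payload));
            System.out.println("prepared, injected:         "
                    + safeLogin(con, "alice", payload));
        }
    }
}
```

With the table seeded as shown, the wrong password is rejected by both versions, but the injected value logs in through `vulnerableLogin` while `safeLogin` rejects it, because the prepared statement compares the password column against the literal string `' OR '1'='1` instead of re-parsing it. When reviewing Java code, look for any `Statement.execute*` call whose argument is built with `+`, `String.format` or a `StringBuilder` from request data; the fix is the same whether the input comes from `getParameter`, a header, a cookie or a previously stored value.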