Sunday, 1 December 2019

SQL injection for the following regular expression

I am looking for backdoors in various pieces of software and wondering if the following code is vulnerable to SQL injection.

There's an email field with the following validation expression (ASPX/CS):

ValidationExpression="\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*">

Is it possible to exploit the above to drop a table, for example, or do anything malicious using SQL injection?

Thanks
Regards

EDIT 1: People have asked me how this was implemented —

// Connection and command built from the page's connection string.
SqlConnection conn = new SqlConnection(snpConnectionString);
SqlCommand command = conn.CreateCommand();

conn.Open();
// The statement is assembled by string concatenation: every form value,
// including TextBoxEA.Text (the email field), is spliced directly into the SQL.
command.CommandText = "INSERT INTO TABLE_ VALUES ('" + TextBoxFN.Text + "','"
    + TextBoxLN.Text + "','" + sb1.ToString() + "','" + TextBoxEA.Text + "','"
    + sb.ToString() + "',0,'" + DateTime.Now + "')";
try
{
    SqlDataReader reader = command.ExecuteReader();
}
catch
{
    Response.Redirect("Error.aspx", true);
}

TextBoxEA.Text corresponds to the email address.

Answer

Regular expression validation is great for the UI or business layer to check user input to prevent errors.

It is less great for preventing SQL injection.

If the code does not use parameterized queries, it is vulnerable either now, or later after someone makes a minor error updating the regular expression to conform to a new business requirement.
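As an added example (not code from the question or the answer), here is the INSERT from the edit rewritten with parameterized SQL so the email value can never change the statement. The handler name, column names and parameter sizes are assumptions, since the question only shows positional values for TABLE_.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Assumed handler name; the form controls, sb/sb1 and snpConnectionString
// are the ones from the question.
protected void Submit_Click(object sender, EventArgs e)
{
    // RegularExpressionValidator only protects the server side if the page
    // checks IsValid before using the input.
    if (!Page.IsValid) return;

    // Assumed column names: the original statement relied on column order.
    const string sql =
        "INSERT INTO TABLE_ (FirstName, LastName, Col3, Email, Col5, Flag, CreatedAt) " +
        "VALUES (@fn, @ln, @c3, @email, @c5, 0, @now)";

    using (var conn = new SqlConnection(snpConnectionString))
    using (var command = new SqlCommand(sql, conn))
    {
        // Typed parameters travel separately from the SQL text, so quotes,
        // comment markers or keywords in the email are stored as plain data.
        command.Parameters.Add("@fn", SqlDbType.NVarChar, 100).Value = TextBoxFN.Text;
        command.Parameters.Add("@ln", SqlDbType.NVarChar, 100).Value = TextBoxLN.Text;
        command.Parameters.Add("@c3", SqlDbType.NVarChar, 4000).Value = sb1.ToString();
        command.Parameters.Add("@email", SqlDbType.NVarChar, 254).Value = TextBoxEA.Text;
        command.Parameters.Add("@c5", SqlDbType.NVarChar, 4000).Value = sb.ToString();
        // A DateTime2 parameter replaces concatenating DateTime.Now as text,
        // which also depended on the server's culture date format.
        command.Parameters.Add("@now", SqlDbType.DateTime2).Value = DateTime.Now;

        try
        {
            conn.Open();
            // INSERT returns no rows: ExecuteNonQuery does not leave a reader open.
            command.ExecuteNonQuery();
        }
        catch (SqlException)
        {
            Response.Redirect("Error.aspx", true);
        }
    }
}
```

The regular expression can stay as a usability check; the parameters are what make the statement safe regardless of how the expression is edited later.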

