CWE-89

Weakness ID: 89 (Weakness Base)

Status: Draft

SQL Injection

Description

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize, or incorrectly neutralizes, special elements that could modify the intended SQL command when it is sent to a downstream component.

Extended Description

Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, possibly including execution of system commands.

SQL injection has become a common issue with database-driven web sites. The flaw is easily detected and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind. This flaw depends on the fact that SQL makes no real distinction between the control and data planes.

Time of Introduction

Architecture and Design

Applicable Platforms

Languages: All

Technology Classes: Database Server

Modes of Introduction

This weakness typically appears in data-rich applications that save user inputs in a database.

Common Consequences

Scope | Effect
Confidentiality | Technical Impact: Read application data
Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL injection vulnerabilities.
Access Control | Technical Impact: Bypass protection mechanism
If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password.
Access Control | Technical Impact: Bypass protection mechanism
If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL injection vulnerability.
Integrity | Technical Impact: Modify application data
Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL injection attack.

Likelihood of Exploit

High to Very High

Enabling Factors for Exploitation

The application dynamically generates queries that contain user input.

Detection Methods

Automated Static Analysis
This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.
Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives, i.e., warnings that do not have any security consequences or do not require any code changes.
Automated static analysis might not be able to detect the usage of custom API functions or third-party libraries that indirectly invoke SQL commands, leading to false negatives, especially if the API or library code is not available for analysis.
This is not a perfect solution, since 100% accuracy and coverage are not feasible.
Effectiveness: Moderate

Automated Dynamic Analysis
This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection.
The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
Effectiveness: Moderate

Manual Analysis
Manual analysis can be useful for finding this weakness, but it might not achieve the desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large.

Demonstrative Examples

Example 1:

In 2008, a large number of web servers were compromised using the same SQL injection attack string. This single string worked against many different programs. The SQL injection was then used to modify the web sites to serve malicious code.

Example 2:

The following code dynamically constructs and executes a SQL query that searches for items matching a specified name. The query restricts the items displayed to those where the owner matches the user name of the currently-authenticated user.

Example Language: C# (Bad Code)
...
string userName = ctx.getAuthenticatedUserName();
// The user-controlled ItemName.Text is concatenated straight into the SQL text.
string query = "SELECT * FROM items WHERE owner = '" + userName + "' AND itemname = '" + ItemName.Text + "'";
sda = new SqlDataAdapter(query, conn);
DataTable dt = new DataTable();
sda.Fill(dt);
...

The query that this code intends to execute follows:
SELECT * FROM items WHERE owner = <userName> AND itemname = <itemName>;

However, because the query is constructed dynamically by concatenating a constant base query string and a user input string, the query only behaves correctly if itemName does not contain a single-quote character. If an attacker with the user name "wiley" enters the string:

(Attack)
name' OR 'a'='a

for itemName, then the query becomes the following:

(Attack)
SELECT * FROM items WHERE owner = 'wiley' AND itemname = 'name' OR 'a'='a';

The addition of the

(Attack)
OR 'a'='a'

condition causes the WHERE clause to always evaluate to true, so the query becomes logically equivalent to the much simpler query:

(Attack)
SELECT * FROM items;

This simplification of the query allows the attacker to bypass the requirement that the query only return items owned by the authenticated user; the query now returns all entries stored in the items table, regardless of their specified owner.

 

Example 3:

This example examines the effects of a different malicious value passed to the query constructed and executed in Example 2. If an attacker with the user name "wiley" enters the string:

(Attack)
name'; DELETE FROM items; --

for itemName, then the query becomes the following two queries:

Example Language: SQL (Attack)
SELECT * FROM items WHERE owner = 'wiley' AND itemname = 'name';
DELETE FROM items;
--'

Many database servers, including Microsoft(R) SQL Server 2000, allow multiple SQL statements separated by semicolons to be executed at once. While this attack string results in an error on Oracle and other database servers that do not allow the batch execution of statements separated by semicolons, on databases that do allow batch execution this type of attack lets the attacker execute arbitrary commands against the database.

Notice the trailing pair of hyphens (--), which specifies to most database servers that the remainder of the statement is to be treated as a comment and not executed. In this case the comment characters serve to remove the trailing single quote left over from the modified query. On a database where comments are not allowed to be used in this way, the general attack could still be made effective using a trick similar to the one shown in Example 2.

If an attacker enters the string:

(Attack)
name'; DELETE FROM items; SELECT * FROM items WHERE 'a'='a

the following three valid statements will be created:

(Attack)
SELECT * FROM items WHERE owner = 'wiley' AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a'='a';

One traditional approach to preventing SQL injection attacks is to handle them as an input validation problem and either accept only characters from a whitelist of safe values or identify and escape a blacklist of potentially malicious values. Whitelisting can be a very effective means of enforcing strict input validation rules, but parameterized SQL statements require less maintenance and can offer more guarantees with respect to security. As is almost always the case, blacklisting is riddled with loopholes that make it ineffective at preventing SQL injection attacks. For example, attackers can:

- Target fields that are not quoted
- Find ways to bypass the need for certain escaped meta-characters
- Use stored procedures to hide the injected meta-characters

Manually escaping characters in input to SQL queries can help, but it will not make your application secure from SQL injection attacks.

Another solution commonly proposed for dealing with SQL injection attacks is to use stored procedures. Although stored procedures prevent some types of SQL injection attacks, they do not protect against many others. For example, the following PL/SQL procedure is vulnerable to the same SQL injection attack shown in Example 2.

(Bad Code)
procedure get_item (
  itm_cv IN OUT ItmCurTyp,
  usr in varchar2,
  itm in varchar2)
is
begin
  -- The cursor's SQL text is assembled from the raw usr and itm parameters,
  -- so quotes inside them are parsed as SQL rather than treated as data.
  open itm_cv for
    ' SELECT * FROM items WHERE ' || 'owner = '|| usr || ' AND itemname = ' || itm;
end get_item;

Stored procedures typically help prevent SQL injection attacks by limiting the types of statements that can be passed to their parameters. However, there are many ways around the limitations, and many interesting statements can still be passed to stored procedures. Again, stored procedures can prevent some exploits, but they will not make your application secure against SQL injection attacks.
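The behaviour described in Examples 2 and 3, as an added example that is not part of the CWE entry: the items lookup built by string concatenation (mirroring the C# code) next to the same lookup as a parameterized query, both run against an in-memory SQLite database seeded with constructed rows. Python's sqlite3 module executes only one statement per call, so the concatenated query fails on the multi-statement payload instead of deleting the table, which is the "error on databases without batch execution" case the text describes; the parameterized query treats both payloads as plain data. The table rows, function names and the use of SQLite are assumptions made for this example.

```python
import sqlite3

# Constructed sample rows standing in for the page's "items" table.
SAMPLE_ITEMS = [
    ("wiley", "name"),
    ("wiley", "widget"),
    ("alice", "secret-plans"),
]


def make_db():
    """In-memory SQLite database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (owner TEXT, itemname TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", SAMPLE_ITEMS)
    conn.commit()
    return conn


def find_items_concat(conn, user_name, item_name):
    """Mirrors the page's C# code: the query text is built by concatenation,
    so item_name is parsed as SQL instead of being treated as data (vulnerable)."""
    query = ("SELECT * FROM items WHERE owner = '" + user_name
             + "' AND itemname = '" + item_name + "'")
    return conn.execute(query).fetchall()


def find_items_param(conn, user_name, item_name):
    """Same lookup as a parameterized query: the driver binds the values
    separately from the SQL text, so quotes in item_name are just characters."""
    query = "SELECT * FROM items WHERE owner = ? AND itemname = ?"
    return conn.execute(query, (user_name, item_name)).fetchall()


def run_concat_safely(conn, user_name, item_name):
    """Return ("rows", rows) or ("error", message) so the effect of a
    multi-statement payload on the concatenated query can be observed.
    sqlite3 raises Warning (older Pythons) or ProgrammingError (newer ones)
    when more than one statement is handed to execute()."""
    try:
        return ("rows", find_items_concat(conn, user_name, item_name))
    except (sqlite3.Warning, sqlite3.Error) as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    # Example 2 payload: the OR clause makes the WHERE clause always true.
    print(find_items_concat(db, "wiley", "name' OR 'a'='a"))   # all three rows
    print(find_items_param(db, "wiley", "name' OR 'a'='a"))    # []
    # Example 3 payload: a second statement is appended.
    print(run_concat_safely(db, "wiley", "name'; DELETE FROM items; --"))
    print(find_items_param(db, "wiley", "name"))               # [('wiley', 'name')]
```

The concatenated form returns alice's row to wiley on the first payload; the parameterized form returns nothing because no item is literally named "name' OR 'a'='a". Note that the error on the second payload is a property of the sqlite3 driver, not a defence: on a server that batches statements the concatenated query would run the DELETE.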

 

Example 4:

MS SQL has a built-in function that enables shell command execution. An SQL injection in such a context could be disastrous. For example, consider a query of the form:

(Bad Code)
SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='$user_input' ORDER BY PRICE

where $user_input is taken from the user without any filtering. If the user provides the string:

(Attack)
' exec master..xp_cmdshell 'dir' --

the query takes the following form:

(Attack)
SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='' exec master..xp_cmdshell 'dir' --' ORDER BY PRICE

The malicious input changes the semantics of the query, which is now broken down into a query, a shell command execution, and a comment:

[1] A first SQL query: SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=''
[2] A second SQL query, which executes a shell command: exec master..xp_cmdshell 'dir'
[3] An MS SQL comment: --' ORDER BY PRICE

 

Example 5:

This code intends to print a message summary given the message ID.

Example Language: PHP (Bad Code)
// The cookie value is interpolated into the query without validation.
$id = $_COOKIE["mid"];
mysql_query("SELECT MessageID, Subject FROM messages WHERE MessageID = '$id'");

The programmer may have skipped any input validation on $id under the assumption that attackers cannot modify the cookie. However, this is easy to do with custom client code or even in the web browser.
While $id is wrapped in single quotes in the call to mysql_query(), an attacker could simply change the incoming mid cookie to:

(Attack)
1432' or '1' = '1

The result would be:

(Result)
SELECT MessageID, Subject FROM messages WHERE MessageID = '1432' or '1' = '1'

This would give the attacker access to all messages in the system instead of just message 1432.
In this case, the SQL injection vulnerability could be removed with a simple change to the code:

Example Language: PHP (Good Code)
// intval() forces $id to an integer, so quotes and SQL keywords cannot survive into the query.
$id = intval($_COOKIE["mid"]);
mysql_query("SELECT MessageID, Subject FROM messages WHERE MessageID = '$id'");

However, if this code is intended to support multiple users with different message boxes, the code might also need an access control check (CWE-285) to ensure that the application user has permission to see that message.
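The two points of Example 5 combined, as an added example that is not part of the CWE entry: the cookie value is converted to an integer before use (the intval() idea, made stricter so that a value such as "1432' or '1' = '1" is rejected rather than silently truncated to 1432 as PHP's intval() would do), and the query binds both the message ID and the owner so the CWE-285 access-control check happens in the same lookup. The messages table, its owner column, the user names and the use of SQLite are assumptions made for this example.

```python
import sqlite3

# Constructed sample mailbox standing in for the page's "messages" table; the
# owner column is an assumption so that the access-control check has data to test.
SAMPLE_MESSAGES = [
    (1432, "wiley", "Quarterly numbers"),
    (1433, "alice", "Private note"),
]


def make_db():
    """In-memory SQLite database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (MessageID INTEGER, owner TEXT, Subject TEXT)")
    conn.executemany("INSERT INTO messages VALUES (?, ?, ?)", SAMPLE_MESSAGES)
    conn.commit()
    return conn


def parse_message_id(cookie_value):
    """Enforcement by conversion: the cookie must consist only of ASCII digits.
    Anything else (quotes, spaces, SQL keywords) raises ValueError instead of
    being coerced, which is stricter than PHP's intval()."""
    if not (cookie_value.isascii() and cookie_value.isdecimal()):
        raise ValueError("mid cookie is not a numeric message ID")
    return int(cookie_value)


def message_summary(conn, current_user, cookie_value):
    """Fetch one message for the authenticated user. The ID is converted first,
    then bound as a parameter together with the owner, so a valid ID for
    somebody else's message yields None (the CWE-285 check the page mentions)."""
    message_id = parse_message_id(cookie_value)
    return conn.execute(
        "SELECT MessageID, Subject FROM messages WHERE MessageID = ? AND owner = ?",
        (message_id, current_user),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    print(message_summary(db, "wiley", "1432"))   # (1432, 'Quarterly numbers')
    print(message_summary(db, "wiley", "1433"))   # None: belongs to alice
    try:
        message_summary(db, "wiley", "1432' or '1' = '1")
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting rather than coercing also gives a clean signal for logging: a cookie that is not a plain integer is malformed by specification, so it can be logged as such without echoing the query structure back to the client.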

 

Example 6:

This example attempts to take a last name provided by the user and enter it into a database.

Example Language: Perl (Bad Code)
$userKey = getUserID();
$name = getUserInput();
# ensure only letters, hyphens and apostrophe are allowed
$name = whiteList($name, "^a-zA-z'-$");
# $name is interpolated straight into the statement text after the whitelist check
$query = "INSERT INTO last_names VALUES('$userKey', '$name')";

While the programmer applies a whitelist to the user input, it has shortcomings. First of all, the user is still allowed to provide hyphens, which are used as comment structures in SQL. If a user specifies "--", then the remainder of the statement will be treated as a comment, which may bypass security logic.
Furthermore, the whitelist permits the apostrophe character, which is also a data/command separator in SQL. If a user supplies a name with an apostrophe, they may be able to alter the structure of the whole statement and even change the control flow of the program, possibly accessing or modifying confidential information.
In this situation, both the hyphen and the apostrophe are legitimate characters for a last name, and permitting them is required. Instead, a programmer may want to use a prepared statement or apply an encoding routine to the input to prevent any data/directive misinterpretations.
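The whitelist of Example 6 and the "O'Reilly" point from the Input Validation mitigation below, as an added example that is not part of the CWE entry: a Python rendering of the Perl whitelist (letters, hyphen, apostrophe) shows that it does reject inputs containing semicolons or spaces but still lets "--" and apostrophes through, and that a legitimate name such as O'Reilly breaks the concatenated INSERT while the parameterized INSERT stores it intact. The table layout, the regular expression and the use of SQLite are assumptions made for this example.

```python
import re
import sqlite3

# Python rendering of the page's Perl whitelist: letters, hyphen and apostrophe only.
NAME_WHITELIST = re.compile(r"[A-Za-z'-]+")


def whitelist_ok(name):
    """True when the whole string consists of whitelisted characters."""
    return NAME_WHITELIST.fullmatch(name) is not None


def make_db():
    """In-memory SQLite database with a last_names table (constructed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE last_names (user_key TEXT, name TEXT)")
    return conn


def store_concat(conn, user_key, name):
    """The page's vulnerable pattern: the INSERT is assembled as text after the
    whitelist check. A legitimate apostrophe ends the string literal early, so
    the statement fails; returns 'rejected', 'stored' or the database error."""
    if not whitelist_ok(name):
        return "rejected"
    try:
        conn.execute("INSERT INTO last_names VALUES('" + user_key + "', '" + name + "')")
        conn.commit()
        return "stored"
    except sqlite3.Error as exc:
        return "error: " + str(exc)


def store_param(conn, user_key, name):
    """Same whitelist as defence in depth, but the INSERT binds the name as a
    parameter, so apostrophes and hyphens are stored as data."""
    if not whitelist_ok(name):
        return "rejected"
    conn.execute("INSERT INTO last_names VALUES (?, ?)", (user_key, name))
    conn.commit()
    return "stored"


def stored_names(conn, user_key):
    """Names recorded for user_key, to confirm what actually reached the table."""
    rows = conn.execute("SELECT name FROM last_names WHERE user_key = ?", (user_key,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print(whitelist_ok("O'Reilly"), whitelist_ok("Smith--"))            # True True
    print(whitelist_ok("x'; DELETE FROM last_names; --"))              # False
    print(store_concat(db, "u1", "O'Reilly"))                          # error: near "Reilly": ...
    print(store_param(db, "u1", "O'Reilly"), stored_names(db, "u1"))   # stored ["O'Reilly"]
```

The whitelist still earns its place: it bounds what can reach the database (no semicolons, no whitespace, no comparison operators), which is the defence-in-depth role the mitigations section assigns to input validation. What it cannot do is make the concatenated statement correct for names the business rules must accept, and that is the job of the parameterized INSERT.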

 

 

Observed Examples

Reference | Description
CVE-2004-0366 chain: SQL injection in library intended for database authentication allows SQL injection and authentication bypass.
CVE-2008-2790 SQL injection through an ID that was supposed to be numeric.
CVE-2008-2223 SQL injection through an ID that was supposed to be numeric.
CVE-2007-6602 SQL injection via user name.
CVE-2008-5817 SQL injection via user name or password fields.
CVE-2003-0377 SQL injection in security product, using a crafted group name.
CVE-2008-2380 SQL injection in authentication library.

 

Potential Mitigations

Phase: Architecture and Design

Strategy: Libraries or Frameworks
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, consider using persistence layers such as Hibernate or Enterprise Java Beans, which can provide significant protection against SQL injection if used properly.

Phase: Architecture and Design

Strategy: Parameterization
If available, use structured mechanisms that automatically enforce the separation between data and code.
These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.
Process SQL queries using prepared statements, parameterized queries, or stored procedures. These features should accept parameters or variables and support strong typing. Do not dynamically construct and execute query strings within these features using "exec" or similar functionality, since this may re-introduce the possibility of SQL injection.

Phase: Architecture and Design; Operation

Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Specifically, follow the principle of least privilege when creating user accounts to a SQL database. The database users should only have the minimum privileges necessary to use their account. If the requirements of the system indicate that a user can read and modify their own data, then limit their privileges so they cannot read or write other users' data. Use the strictest permissions possible on all database objects, such as execute-only for stored procedures.

Phase: Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Phase: Implementation

Strategy: Output Encoding
While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict whitelist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88).

Instead of building a new implementation, such features may be available in the database or programming language. For example, the Oracle DBMS_ASSERT package can check or enforce that parameters have certain properties that make them less vulnerable to SQL injection. For MySQL, the mysql_real_escape_string() API function is available in both C and PHP.

Phase: Implementation

Strategy: Input Validation
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a whitelist of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a blacklist). However, blacklists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue".

When constructing SQL query strings, use stringent whitelists that limit the character set based on the expected value of the parameter in the request. This will indirectly limit the scope of an attack, but this technique is less important than proper output encoding and escaping.

Note that proper output encoding, escaping, and quoting is the most effective solution for preventing SQL injection, although input validation may provide some defense in depth. This is because it effectively limits what will appear in output. Input validation will not always prevent SQL injection, especially if you are required to support free-form text fields that could contain arbitrary characters. For example, the name "O'Reilly" would likely pass the validation step, since it is a common last name in the English language. However, it cannot be directly inserted into the database because it contains the "'" apostrophe character, which would need to be escaped or otherwise handled. In this case, stripping the apostrophe might reduce the risk of SQL injection, but it would produce incorrect behavior because the wrong name would be recorded.

When feasible, it may be safest to disallow meta-characters entirely, instead of escaping them. This will provide some defense in depth. After the data is entered into the database, later processes may neglect to escape meta-characters before use, and you may not have control over those processes.

Phase: Architecture and Design

Strategy: Enforcement by Conversion
When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.

Phase: Implementation

Ensure that error messages only contain minimal details that are useful to the intended audience, and nobody else. The messages need to strike a balance between being too cryptic and not being cryptic enough. They should not necessarily reveal the methods that were used to determine the error. Such detailed information can be used to refine the original attack to increase the chances of success.

If errors must be tracked in some detail, capture them in log messages, but consider what could occur if the log messages can be viewed by attackers. Avoid recording highly sensitive information such as passwords in any form. Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user name is valid or not.

In the context of SQL injection, error messages revealing the structure of a SQL query can help attackers tailor successful attack strings.

Phase: Operation

Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.

Effectiveness: Moderate
An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization.

Phase: Operation; Implementation

Strategy: Environment Hardening
When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-261, and similar issues.

Relationships

Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 20 | Improper Input Validation | Seven Pernicious Kingdoms (primary) 700
ChildOf | Weakness Class | 77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | Development Concepts (primary) 699; Research Concepts (primary) 1000
ChildOf | Category | 713 | OWASP Top Ten 2007 Category A2 - Injection Flaws | Weaknesses in OWASP Top Ten (2007) (primary) 629
ChildOf | Category | 722 | OWASP Top Ten 2004 Category A1 - Unvalidated Input | Weaknesses in OWASP Top Ten (2004) 711
ChildOf | Category | 727 | OWASP Top Ten 2004 Category A6 - Injection Flaws | Weaknesses in OWASP Top Ten (2004) (primary) 711
ChildOf | Category | 751 | 2009 Top 25 - Insecure Interaction Between Components | Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) 750
ChildOf | Category | 801 | 2010 Top 25 - Insecure Interaction Between Components | Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) 800
ChildOf | Category | 810 | OWASP Top Ten 2010 Category A1 - Injection | Weaknesses in OWASP Top Ten (2010) (primary) 809
ParentOf | Weakness Variant | 564 | SQL Injection: Hibernate | Development Concepts (primary) 699; Research Concepts (primary) 1000
MemberOf | View | 630 | Weaknesses Examined by SAMATE | Weaknesses Examined by SAMATE (primary) 630
MemberOf | View | 635 | Weaknesses Used by NVD | Weaknesses Used by NVD (primary) 635
CanFollow | Weakness Base | 456 | Missing Initialization | Research Concepts 1000

 

Relationship Notes

SQL injection can be resultant from special character mismanagement, MAID, or blacklist/whitelist problems. It can be primary to authentication errors.

Taxonomy Mappings

Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | SQL injection
7 Pernicious Kingdoms | | | SQL injection
CLASP | | | SQL injection
OWASP Top Ten 2007 | A2 | CWE More Specific | Injection Flaws
OWASP Top Ten 2004 | A1 | CWE More Specific | Unvalidated Input
OWASP Top Ten 2004 | A6 | CWE More Specific | Injection Flaws
WASC | 19 | | SQL Injection

 

Related Attack Patterns

CAPEC-ID | Attack Pattern Name (CAPEC Version 1.5)
7 | Blind SQL Injection
66 | SQL Injection
108 | Command Line Execution through SQL Injection
109 | Object Relational Mapping Injection
110 | SQL Injection through SOAP Parameter Tampering

 

White Box Definitions

A weakness where the code path has:
  1. a start statement that accepts input, and
  2. an end statement that performs an SQL command where
    - the input is part of the SQL command and contains SQL syntax (especially a query separator).

References

[REF-17] Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 1: SQL Injection." Page 3. McGraw-Hill. 2010. 
[REF-11] M. Howard and D. LeBlanc. "Writing Secure Code". Chapter 12, "Database Input Issues" Page 397. 2nd Edition. Microsoft. 2002. 
OWASP. "SQL Injection Prevention Cheat Sheet". <http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet>.
Steven Friedl. "SQL Injection Attacks by Example". 2007-10-10. <http://www.unixwiz.net/techtips/sql-injection.html>.
Ferruh Mavituna. "SQL Injection Cheat Sheet". 2007-03-15. <http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/>.
David Litchfield, Chris Anley, John Heasman and Bill Grindlay. "The Database Hacker's Handbook: Defending Database Servers". Wiley. 2005-07-14. 
David Litchfield. "The Oracle Hacker's Handbook: Hacking and Defending Oracle". Wiley. 2007-01-30. 
Microsoft. "SQL Injection". December 2008. <http://msdn.microsoft.com/en-us/library/ms161953.aspx>.
Microsoft Security Vulnerability Research & Defense. "SQL Injection Attack". <http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx>.
Michael Howard. "Giving SQL Injection the Respect it Deserves". 2008-05-15. <http://blogs.msdn.com/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx>.
Frank Kim. "Top 25 Series - Rank 2 - SQL Injection". SANS Software Security Institute. 2010-03-01. <http://blogs.sans.org/appsecstreetfighter/2010/03/01/top-25-series-rank-2-sql-injection/>.

Content History

[2011-04-21]
  Updated to the data as of 2010-10-12.
[2009-06-29]
  Created from the data as of 2009-02-02 at the following URL:
    http://cwe.mitre.org/data/definitions/89.html

Registered: 2011/04/21

Last updated: 2023/04/04