question

Sharma avatar image
Sharma asked

Table values replace with special character

Hi, From last few weeks I am facing unknown issue on MS SQL database, I have 100 XP windows machines with MSDE 2000, MS SQL 2005 Express edition on few database table values are replace with special character automatically. I faced this issue on three different machines on different tables; suppose actual value is **bafasd459** it got changed with **bafasd45`** and replaces last character with special character value. I got this issue on single row column value only not all column rows of table. Database systems are on WAN. Is it the case of SQL Injection Attacks? Is SQL Injection is possible on Desktop Application? (Delphi Desktop application on MS SQL) What things should I check to indentify the issue?
sql-server-2005sql-server-2000msde
10 |1200 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

· Write an Answer
Kev Riley avatar image
Kev Riley answered
To answer the question about is SQL injection possible on a desktop application - yes! SQL injection can happen ***anywhere*** where you are not sanitising your input and using that input to build dynamic queries. Don't be fooled into thinking that because your application isn't public facing (i.e. on a website) that it isn't prone to attack. A lot of attacks happen from within organizations!
1 comment
10 |1200 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

In mine case there is no chance of pass input or using dynamic query, On infected table we run Insert statement as given below:- Insert into table A(A,B,C) SELECT A,B,C FROM D I am surprised in above example how table can infected.
0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.