Simply stated, SQL injection vulnerabilities are caused by software applications that accept data from an untrusted source (internet users), fail to properly validate and sanitize the data, and subsequently use that data to dynamically construct an SQL query to the database backing that application. For example, imagine a simple application that takes inputs of a username and password. It may ultimately process this input in an SQL statement of the form

string query = "SELECT * FROM users WHERE username = "'" + username + "' AND password = '" + password + "'";

Since this query is constructed by concatenating an input string directly from the user, the query behaves correctly only if password does not contain a single-quote character.

Impact of SQL Injection vulnerabilities

  • Reading, Updating and Deleting arbitrary data from the database
  • Executing commands on the underlying operating system
  • Reading, Updating and Deleting arbitrary tables from the database

There are many way finding SQL Injection Vulnerabilities manually. But, in this article, I will show you how to find SQL Injection Vulnerabilities automatically. It’s no different than finding it manually. The process mainly involves three tasks :

  • Identifying Data Entry.
  • Inject Data to Database.
  • And last, detect anomalies from it’s response

you will see that you can do it automatically to a certain process. Identifying data entry (1st step) is something that can be automated. You can do it by just crawl the website and finding GET and POST request. As well ass Data Injection (2nd step), can also be done in an automatic fashion. The main problem is the 3rd step ( Detect Anomalies Response of Remote Server ). Although this part is easy for human to detect. it sometimes very difficult for a bot or software to detect it and fully understand output of the remote server. For example, when the web application returns the SQL error from database or when the web application returns HTTP 500 code error.

How to Fix SQL Injection Vulnerabilities in ASP.NET

c# code:

string queryText = "SELECT * FROM Students WHERE [email protected]";
SqlCommand cmd = new SqlCommand(queryText, conn);
cmd.Parameters.Add("@City",City);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
return ds;


ASP.NET code:

/*C# code*/
string commandText = "SELECT * FROM Customers WHERE [email protected]";
SqlCommand cmd = new SqlCommand(commandText, conn);
cmd.Parameters.Add("@CountryName",countryName);


Stored Procedure:

var connect = ConfigurationManager.ConnectionStrings["NorthWind"].ToString();
var query = "GetProductByID";
using (var conn = new SqlConnection(connect))
{
  using (var cmd = new SqlCommand(query, conn))
  {
    cmd.CommandType = CommandType.StoredProcedure;
    cmd.Parameters.Add("@ProductID", SqlDbType.Int).Value = Convert.ToInt32(Request["ProductID"]);
    conn.Open();
    //Process results
  }
}


Fixing the SQL Injection Vulnerabilities would not be enough to protect your web application. You need to protect it using Runtime Protection.

Cheap SQL Hosting with ASPHostPortal.com
Providing the best security, compliance, performance, and managed service separates ASPHostPortal.com from other hosting companies. MS SQL server supports our commitment to providing service options the businesses that choose ASPHostPortal.com demand. Use the Promo Code "DBSQL" (without quotes) and receive double SQL Server Space!