Below, a simple example illustrates how to test for this.
Function: delete a user by user name. The query is built by SQL string concatenation; the core code is as follows:
public static void deleteByName(String name) throws Exception {
    Session session = sessionFactory.openSession();
    org.hibernate.Transaction tx = session.beginTransaction();
    try {
        // Vulnerable on purpose: the caller-supplied name is stitched straight into the HQL
        String hql = "delete from Department where name = '" + name + "'";
        Query query = session.createQuery(hql);
        int res = query.executeUpdate();
        tx.commit();
        System.out.println(res); // number of rows deleted
    } catch (HibernateException e) {
        System.out.println("deleteByName have Exception!");
        e.printStackTrace();
        if (null != tx) {
            tx.rollback();
        }
    }
}
The corresponding table in the database contains the following records:
Test code:
String name = "1";
deleteByName(name);
After execution, no record in the database is deleted.
Instead, execute the following test code:
String name = "1' or '1'='1";
deleteByName(name);
After execution, both records in the database were deleted and the table was emptied.
Clearly there is no record with name=1 in the database, yet every record was deleted. The cause is the malicious SQL fragment in the input: the system did not handle it properly, so the WHERE condition was always true and all data in the table was deleted.
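The behaviour described above, reproduced as an added example (not code from the original post): plain SQL over an in-memory SQLite table stands in for Hibernate's HQL, the two records are constructed, and the hardened version binds the name as a parameter instead of stitching it into the statement.

```python
import sqlite3

# Constructed sample data standing in for the page's Department table;
# neither record has name "1", matching the page's scenario.
SAMPLE_ROWS = [(1, "Sales"), (2, "Engineering")]


def fresh_db():
    """In-memory SQLite database seeded with the two constructed records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Department (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO Department VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def delete_by_name_concat(conn, name):
    """Vulnerable: mirrors the page's string-stitched delete.

    Input 1' or '1'='1 turns the statement into
    DELETE FROM Department WHERE name = '1' or '1'='1', which matches every row.
    """
    sql = "DELETE FROM Department WHERE name = '" + name + "'"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount  # rows deleted


def delete_by_name_param(conn, name):
    """Hardened: the value is bound as a parameter and never parsed as SQL."""
    cur = conn.execute("DELETE FROM Department WHERE name = ?", (name,))
    conn.commit()
    return cur.rowcount


def remaining(conn):
    """Rows still present in the table."""
    return conn.execute("SELECT COUNT(*) FROM Department").fetchone()[0]


def run_case(delete_fn, name):
    """Run delete_fn with the given input on a fresh table; return (deleted, left)."""
    conn = fresh_db()
    deleted = delete_fn(conn, name)
    return deleted, remaining(conn)


if __name__ == "__main__":
    payload = "1' or '1'='1"
    print("concat, name=1:", run_case(delete_by_name_concat, "1"))
    print("concat, payload:", run_case(delete_by_name_concat, payload))
    print("param,  payload:", run_case(delete_by_name_param, payload))
```

In Hibernate the equivalent fix is a named parameter in the HQL (`where name = :name`) bound with `query.setParameter("name", name)`.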
Java Web SQL injection Test (2)---instance test