SQL Injection - Stored Procedures #15
Add additional SQL injection rules for .sql files (additional files):
Look for sp_executesql without the 2, 3 parameters or EXEC statement.
Find all where one of these methods is called using string data w/ no params. Plus, go a step back and make sure a string variable is appended into the statement.
https://msdn.microsoft.com/en-us/library/bb399403(v=vs.110).aspx
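
One way to prototype the rule this issue describes, as an added example (not code from this project): a line-based Python heuristic that flags `EXEC(...)` and `sp_executesql` calls made without parameter arguments when the statement text was built by appending a variable. The function name, regexes and sample T-SQL are constructed for illustration, and the scan assumes one statement per line.

```python
import re

LITERAL = re.compile(r"N?'(?:[^']|'')*'")   # T-SQL string literal ('' escapes a quote)
ASSIGN = re.compile(r"\b(?:SET|SELECT)\s+(@\w+)\s*(\+?=)(.*)", re.I)
EXEC_PAREN = re.compile(r"\bEXEC(?:UTE)?\s*\((.*)\)", re.I)
SP_EXEC = re.compile(r"\bsp_executesql\b([^;]*)", re.I)
CONCAT_VAR = re.compile(r"\+\s*@\w+|@\w+\s*\+")  # a variable joined with +
VAR = re.compile(r"@\w+")

def find_dynamic_sql(sql):
    """Heuristic scan; assumes one statement per line. Returns [(line_no, rule)]."""
    built, findings = set(), []      # built: variables assembled by concatenation
    def is_built(expr):
        names = {v.lower() for v in VAR.findall(expr)}
        return bool(CONCAT_VAR.search(expr) or names & built)
    for no, raw in enumerate(sql.splitlines(), 1):
        line = LITERAL.sub("''", raw).split("--")[0]   # blank literals, drop comments
        if line.strip().upper() == "GO":               # variables are batch-scoped
            built.clear()
        m = ASSIGN.search(line)
        if m:                                          # the "step back" check
            var, op, rhs = m.group(1).lower(), m.group(2), m.group(3)
            if is_built(rhs) or (op == "+=" and VAR.search(rhs)):
                built.add(var)
            elif op == "=":                            # plain reassignment clears it
                built.discard(var)
        m = EXEC_PAREN.search(line)
        if m and is_built(m.group(1)):
            findings.append((no, "EXEC of concatenated string"))
        m = SP_EXEC.search(line)
        if m and "," not in m.group(1) and is_built(m.group(1)):
            findings.append((no, "sp_executesql without parameter arguments"))
    return findings

# Constructed sample input (not taken from the issue or the project).
SAMPLE = """\
CREATE PROCEDURE dbo.FindUnsafe @name NVARCHAR(50) AS
DECLARE @sql NVARCHAR(MAX);
SET @sql = N'SELECT * FROM Users WHERE Name = ''' + @name + N'''';
EXEC sp_executesql @sql;
GO
CREATE PROCEDURE dbo.FindSafe @name NVARCHAR(50) AS
DECLARE @sql NVARCHAR(MAX) = N'SELECT * FROM Users WHERE Name = @n';
EXEC sp_executesql @sql, N'@n NVARCHAR(50)', @n = @name;
GO
CREATE PROCEDURE dbo.CountUnsafe @table SYSNAME AS EXEC('SELECT COUNT(*) FROM ' + @table);
"""
if __name__ == "__main__":
    print(find_dynamic_sql(SAMPLE))
```

The parameterized call in `dbo.FindSafe` is not reported because the statement text is a constant and the value travels as a bound parameter.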