Mobile SQL Injection Vulnerability
Mobile SQL Injection Vulnerability
Description
Mobile SQL Injection is a vulnerability that allows attackers to inject malicious SQL statements into mobile applications, potentially gaining unauthorized access to sensitive data or manipulating the database.
Examples
Kotlin
kotlin
import java.sql.Connection
import java.sql.DriverManager
import java.sql.PreparedStatement
import java.sql.ResultSet
fun main() {
val input = readLine() ?: ""
val connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/mydatabase", "username", "password")
val statement = connection.prepareStatement("SELECT * FROM users WHERE username = ?")
statement.setString(1, input)
val resultSet = statement.executeQuery()
while (resultSet.next()) {
val username = resultSet.getString("username")
val password = resultSet.getString("password")
println("Username: $username, Password: $password")
}
resultSet.close()
statement.close()
connection.close()
}
Recommendation
To mitigate Mobile SQL Injection vulnerabilities, Consider the following:
- Use parameterized queries or prepared statements to separate SQL code from user input.
- Sanitize and validate user input before inserting it into database to help mitigate second-order SQL injection.
- Regularly update SQL driver to address any known vulnerabilities.
import java.sql.Connection
import java.sql.DriverManager
import java.sql.PreparedStatement
fun main() {
val url = "jdbc:mysql://localhost:3306/mydatabase"
val username = "username"
val password = "password"
var connection: Connection? = null
var preparedStatement: PreparedStatement? = null
try {
connection = DriverManager.getConnection(url, username, password)
val sql = "INSERT INTO users (name, email) VALUES (?, ?)"
preparedStatement = connection.prepareStatement(sql)
// Set values for the parameters
preparedStatement.setString(1, "John")
preparedStatement.setString(2, "john@example.com")
// Execute the prepared statement
preparedStatement.executeUpdate()
} catch (e: Exception) {
e.printStackTrace()
} finally {
preparedStatement?.close()
connection?.close()
}
}
import Foundation
import SQLite3
func insertUser(name: String, email: String) {
var db: OpaquePointer?
var statement: OpaquePointer?
let dbPath = "path_to_your_database_file.db"
if sqlite3_open(dbPath, &db) == SQLITE_OK {
let insertStatementString = "INSERT INTO users (name, email) VALUES (?, ?)"
if sqlite3_prepare_v2(db, insertStatementString, -1, &statement, nil) == SQLITE_OK {
sqlite3_bind_text(statement, 1, (name as NSString).utf8String, -1, nil)
sqlite3_bind_text(statement, 2, (email as NSString).utf8String, -1, nil)
if sqlite3_step(statement) == SQLITE_DONE {
print("Successfully inserted row.")
} else {
print("Could not insert row.")
}
} else {
print("INSERT statement could not be prepared.")
}
sqlite3_finalize(statement)
} else {
print("Unable to open database.")
}
sqlite3_close(db)
}
import 'package:sqflite/sqflite.dart';
import 'package:path/path.dart';
void insertUser(String name, String email) async {
Database database = await openDatabase(
join(await getDatabasesPath(), 'mydatabase.db'),
onCreate: (db, version) {
return db.execute(
"CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, email TEXT)",
);
},
version: 1,
);
await database.transaction((txn) async {
await txn.rawInsert(
'INSERT INTO users(name, email) VALUES(?, ?)',
[name, email],
);
});
}
Links
Standards
- OWASP_MASVS_L1:
- MSTG_PLATFORM_5
- MSTG_PLATFORM_7
- MSTG_PLATFORM_3
- OWASP_MASVS_L2:
- MSTG_PLATFORM_5
- MSTG_PLATFORM_7
- MSTG_PLATFORM_3
- PCI_STANDARDS:
- REQ_6_2
- REQ_6_3
- REQ_6_4
- REQ_11_3
- OWASP_MASVS_v2_1:
- MASVS_CODE_4
- SOC2_CONTROLS:
- CC_2_1
- CC_3_4
- CC_4_1
- CC_7_1
- CC_7_2
- CC_7_4
- CC_7_5