Giuseppe: vba - Microsoft Access SQL Injection -

Friday 15 August 2014

vba - Microsoft Access SQL Injection -

I have to fix some security problems in a non-IT app that was assigned to keep us this Microsoft Access Front -end (SQL Server Back-End).

Does anybody know that SQL injection can be done through the records of SourceSource or Microsoft Access Control Roosource property? For example, if I set the record resource of the listbox to

, then me SomeListBox.Recordsource = 'SELECT * SomeTable WHERE SomeField =' '' & amp; Me.txtSomeTextBox & amp; '' '. * I'm not sure whether Microsoft has created or prevented those properties, so I'm thinking that I should run that Me.txtSomeTextBox through the cleanup function.

This is definitely a quick fix ... this application is being redesigned and later this year, access (yay!) Has gone out.

Thank you in advance!

  If you are combining string, then you are weak.




Posted by



Unknown




at

03:22











Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest




No comments:







Post a Comment




Newer Post


Older Post

Home




Subscribe to:
Post Comments (Atom)


















    
About Me




Unknown



View my complete profile



Blog Archive








        ► 
      



2015

(1886)





        ► 
      



September

(203)







        ► 
      



August

(208)







        ► 
      



July

(224)







        ► 
      



June

(210)







        ► 
      



May

(230)







        ► 
      



April

(195)







        ► 
      



March

(209)







        ► 
      



February

(201)







        ► 
      



January

(206)









        ▼ 
      



2014

(2117)





        ► 
      



September

(239)







        ▼ 
      



August

(251)

c# - Calling multiple methods asynchronously -
.net - SQL Sever Java Compatible GUID / UUID (Big ...
Cannot fix the select/delete function. PHP/MySQL/J...
ios - Programmatically turn off VoiceProcessingIO ...
Having issue with PHP URL Redirect Between Multipl...
c# - How to add a listViewItem with its own unique...
ios - Positioning GMSMapView to show multiple anno...
java - Factory method to return an implementation ...
django - Heroku Custom domains : Error NOT FREE? -
algorithm - Create binary tree from inorder and po...
asp.net - Kendo TabStrip: Getting the Selected Ind...
css - move text from BreadCrumb to the left -
javascript - Evaluate div.innerHTML with document....
c# - Thumb control highlighted and dragging appear...
java - What isn't this code inserting values into ...
html - Overriding class in chain? -
CSS table-cell widths work in Chrome but not FF or...
python - "Flattening" a list of dictionaries -
Excel Ribbons Doesn't work after file rename -
Send data from .NET application to Rails applicati...
c++ - Run a tutorial in Visual Studio - What kind ...
networking - Hourly network device restart using B...
python - Numpy: np.where function given argmax -
haskell - cabal install pcap windows 64bit -
algorithm - Efficient enumeration of subsets -
C# on Android: Xamarin or Unity? -
parsing - Type-of-address of the sender number (SM...
set cell or row background color in a google sprea...
Android how to adjust image background to be cente...
syntax - Can typescript export a function? -
ruby on rails - Can I practice capistrano on my pc? -
ios - Disable Gesture Recognizer for UIImageView i...
ios - what's the difference between custom cell cl...
csv - Handling/editing special characters in a hug...
java - Extracting application icons still null -
Ruby - Splititng Array after getting data from Mys...
HTML table td display -
jQuery plugin how to add events? -
json - Convert nested hash table recursively in Pe...
Bash script replace two fields in a text file usin...
How to appy one javascript function to multiple te...
ruby on rails - Convert HTML to word file ? -
Using object of imported class as global variable ...
python - How to implement a program that can sent ...
android - Getting row id from database by clicking...
regex - Ruby regexp to match comma, but ignore com...
ruby - Custom Indentation Type for SASS Output -
c - Is this the correct explanation for this outpu...
Perl: Compare Two CSV Files and Print out differen...
How to get rid of PHP Notice: Undefined index: HTT...
I want to open a text file and edit a specific lin...
vba - Average Time between Two Date Fields in MySQ...
javascript - Dojo Gauges - can I restrict the sett...
qt - Quickly convert raw data to hex string in c++ -
linux - 755 folder in document root not readable b...
How do I create a criss-cross merge successfully i...
facebook fql - How to create FQL query within quer...
java - Returning null in a method whose signature ...
SAS macro do-loop with data step -
Change file name and move files based on file path...
ruby on rails - Name for has_many :through join ta...
Python SSH script won't work while executed by PHP -
c++ - How to use boost::bind with "this" pointer? -
Perl's default string encoding and representation -
How can i use this suggested intelliJ command to d...
asp.net mvc - JQuery AJAX Post Cascading Dropdown -
How to control what part of a UIView to update (iO...
parsing - Why does the lexer rule for strings take...
Xamarin Android FlyOutMenu by Garuma - Multiple Sc...
regex - IIS rewrite mobile detection -
ruby on rails - Override Devise downcase_keys meth...
ruby on rails - Convert Active Record set into an ...
python - Google Contacts: Missing Fields -
javascript - SVG to Screen Coordinate -
html - Simple JQuery animate(); not working in ie ...
javascript - setTimeout passing arguments issue -
java - Return sublist of a List of object array -
command - Retrieve SHMPGSZ on AIX programmatically? -
internet explorer 9 - Can I force IE9 *from the us...
javascript - Drag value in simulation blows up and...
java - How to wake up waiting SwingWorker? -
java - 'While' Loop not executing? -
How do you find the length of total Modbus/TCP dat...
java - Decode bytes to chars one at a time -
how to open date picker in jquery mobile (with hid...
asp.net - jquery ui dialog position -
jquery/javascript: Capture submit event from form ...
ruby - Reading user-specific environment variables...
data structures - Difference between Space utiliza...
ruby on rails - Why does gibbon throw 'uninitializ...
playframework - Play Framework Processing partial ...
How to POST video to Facebook through Graph API us...
asp.net mvc - Paging not working when loadonce:tru...
clojure - transferring values from remote nrepl -
java - onCreateView() in Fragment is not called im...
delphi - Saving blob field from Advantage DB to fi...
distribution - Marcumq Function In MATLAB -
jms - Diagnostics and statistics for messages in a...
web config - Sitecore Lucene Search Exclude Item -
sql - Shell script to retrieve row value and store...








        ► 
      



July

(226)







        ► 
      



June

(208)







        ► 
      



May

(229)







        ► 
      



April

(199)







        ► 
      



March

(255)







        ► 
      



February

(275)







        ► 
      



January

(235)









        ► 
      



2013

(2011)





        ► 
      



September

(199)







        ► 
      



August

(228)







        ► 
      



July

(210)







        ► 
      



June

(222)







        ► 
      



May

(217)







        ► 
      



April

(229)







        ► 
      



March

(243)







        ► 
      



February

(221)







        ► 
      



January

(242)









        ► 
      



2012

(1993)





        ► 
      



September

(227)







        ► 
      



August

(235)







        ► 
      



July

(225)







        ► 
      



June

(206)







        ► 
      



May

(221)







        ► 
      



April

(216)







        ► 
      



March

(206)







        ► 
      



February

(227)







        ► 
      



January

(230)









        ► 
      



2011

(1964)





        ► 
      



September

(220)







        ► 
      



August

(222)







        ► 
      



July

(219)







        ► 
      



June

(224)







        ► 
      



May

(219)







        ► 
      



April

(206)







        ► 
      



March

(216)







        ► 
      



February

(221)







        ► 
      



January

(217)









        ► 
      



2010

(1952)





        ► 
      



September

(230)







        ► 
      



August

(202)







        ► 
      



July

(221)







        ► 
      



June

(207)







        ► 
      



May

(213)







        ► 
      



April

(199)







        ► 
      



March

(234)







        ► 
      



February

(244)







        ► 
      



January

(202)


















    















Powered by Blogger.