Injection flaws are among the most common vulnerabilities in both web and mobile applications. SQLite is exposed to injection as well whenever user input is placed in a dynamic SQL query as-is, or with only partial, insufficient protection.
Let's have a look at the SQL query used to query the data in the application, as shown here:
String getSQL = "SELECT * FROM " + tableName + " WHERE " + username + " = '" + uname + "' AND " + password + " = '" + pword + "'";
Cursor cursor = dataBase.rawQuery(getSQL, null);
In the preceding SQL query, the uname and pword fields are being passed from the user input directly into the SQL query, which is then executed using the rawQuery method. The rawQuery method will, in fact, simply execute whatever SQL query is passed to it. Another method that is similar to rawQuery is the execSQL method, which is as vulnerable as rawQuery.
The preceding SQL query is used to verify the user...
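The query shape discussed above, run against an in-memory SQLite database and set beside a bound-parameter version. This is an added example in Python, not code from the original text; the table, column names and sample account are constructed for illustration. On Android, rawQuery accepts the bound values as its second argument (selectionArgs) in place of the null passed above.

```python
import sqlite3

# Identifiers (table and column names) cannot be bound as parameters,
# so they are checked against a fixed allowlist. These names are assumptions.
ALLOWED_TABLES = {"users"}
ALLOWED_COLUMNS = {"username", "password"}


def make_db():
    """Constructed sample database holding a single account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("o'brien", "s3cret"))
    return db


def lookup_concatenated(db, uname, pword):
    """Same shape as the query above: input is spliced into the SQL text."""
    sql = ("SELECT * FROM users WHERE username = '" + uname +
           "' AND password = '" + pword + "'")
    return db.execute(sql).fetchall()


def lookup_bound(db, table, user_col, pass_col, uname, pword):
    """Values travel as bound parameters; identifiers come from the allowlist."""
    if table not in ALLOWED_TABLES or {user_col, pass_col} - ALLOWED_COLUMNS:
        raise ValueError("unexpected identifier")
    sql = f'SELECT * FROM "{table}" WHERE "{user_col}" = ? AND "{pass_col}" = ?'
    return db.execute(sql, (uname, pword)).fetchall()


def demo():
    db = make_db()
    try:
        lookup_concatenated(db, "o'brien", "s3cret")
        concatenated = "ran"
    except sqlite3.OperationalError:
        # The apostrophe closed the string literal early, so the rest of the
        # name was parsed as SQL: user input reached the parser as code.
        concatenated = "syntax error"
    bound = lookup_bound(db, "users", "username", "password",
                         "o'brien", "s3cret")
    return concatenated, bound


if __name__ == "__main__":
    print(demo())
```

A legitimate name containing an apostrophe is enough to show that the concatenated form lets input alter the statement's structure, while the bound form treats it purely as data.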