@bertwagner
Last active August 25, 2017 22:35
-- This file tries to find stored procedures and functions that *may* be vulnerable to SQL injection attacks.
-- It works by searching your database for occurrences of "+" signs followed by "@", indicating that SQL parameters
-- might be getting concatenated to a dynamic SQL string. It also checks for the existence of 'EXEC' to see if any
-- strings are being executed.
-- Not every result returned will be susceptible to SQL injection, however they should all be examined to see if they are vulnerable.
-- Originally from: https://github.com/bertwagner/SQLServer/blob/master/SQL%20Injection%20Vulnerabilities.sql
-- Caveat: INFORMATION_SCHEMA.ROUTINES.ROUTINE_DEFINITION holds at most the first 4000 characters of a routine,
-- so a concatenation deep inside a long procedure can be missed; sys.sql_modules.definition carries the full text.
-- Encrypted routines have a NULL definition and are never reported.
SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED;

SELECT
    r.ROUTINE_CATALOG,
    r.ROUTINE_SCHEMA,
    r.ROUTINE_NAME,
    r.ROUTINE_TYPE,
    r.ROUTINE_DEFINITION
FROM
    INFORMATION_SCHEMA.ROUTINES AS r
    -- Strip whitespace and control characters once, so "+   @param" and "+@param" both match
    CROSS APPLY (
        SELECT REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(
                   r.ROUTINE_DEFINITION,
                   CHAR(0), ''), CHAR(9), ''), CHAR(10), ''), CHAR(11), ''), CHAR(12), ''),
                   CHAR(13), ''), CHAR(14), ''), CHAR(160), ''), ' ', '') AS Stripped
    ) AS s
WHERE
    s.Stripped LIKE '%+@%' -- a parameter appended to a string
    AND ( -- Only if the routine executes a dynamic string
          -- (checked on the stripped text so "EXEC (@sql)" with a space is matched as well)
        s.Stripped LIKE '%EXEC(%'
        OR s.Stripped LIKE '%EXECUTE%'
        OR s.Stripped LIKE '%sp_executesql%'
    );
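Added example, not part of the gist: a procedure written in the shape the query above flags (a parameter concatenated into a string that is then executed), next to the parameterized rewrite it should become. The table dbo.Customers, both procedure names and the @SortColumn parameter are constructed for the example, which needs SQL Server 2016 SP1 or later for CREATE OR ALTER.

```sql
-- Constructed table so the procedures below compile (not part of the gist).
CREATE TABLE dbo.Customers (
    CustomerId int PRIMARY KEY,
    FirstName  nvarchar(50),
    LastName   nvarchar(100)
);
GO

-- The shape the scan flags: the parameter is spliced into the statement text and executed.
-- A quote character inside @LastName becomes part of the SQL instead of part of the value.
CREATE OR ALTER PROCEDURE dbo.SearchCustomers_Flagged
    @LastName nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerId, FirstName, LastName FROM dbo.Customers WHERE LastName = '''
        + @LastName + N'''';   -- the "+ @" concatenation the gist searches for
    EXEC(@sql);
END;
GO

-- Remediation: the value travels as a typed sp_executesql parameter and is never concatenated,
-- so the routine body contains no plus-sign-before-parameter pattern and the scan stays quiet.
CREATE OR ALTER PROCEDURE dbo.SearchCustomers_Parameterized
    @LastName nvarchar(100),
    @SortColumn sysname = N'LastName'   -- identifiers cannot be parameters; handled below
AS
BEGIN
    -- An identifier that must be dynamic is validated against the catalog and delimited
    -- with QUOTENAME rather than trusted as text.
    IF NOT EXISTS (SELECT 1 FROM sys.columns
                   WHERE object_id = OBJECT_ID(N'dbo.Customers') AND name = @SortColumn)
        THROW 50000, N'Unknown sort column', 1;

    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerId, FirstName, LastName FROM dbo.Customers WHERE LastName = @LastName '
        + N'ORDER BY ' + QUOTENAME(@SortColumn);
    EXEC sys.sp_executesql @sql, N'@LastName nvarchar(100)', @LastName = @LastName;
END;
GO
```

Running the gist's query against a database holding both procedures lists SearchCustomers_Flagged and not SearchCustomers_Parameterized. The second still builds its ORDER BY dynamically, but the only concatenated piece is a catalog-validated, QUOTENAME-delimited identifier, which is the part sp_executesql cannot take as a parameter.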