Security Flaw in Microsoft.Practices.EnterpriseLibrary.Logging.Database.dll

  • Question

  • Hi Team,

    We ran a security scan of our application and it found a security flaw in Microsoft.Practices.EnterpriseLibrary.Logging.Database.dll. Is there any chance of an attack from outside?

    The flaw details are listed below:

    Type: SQL Injection
    Issue: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    Module: Microsoft.Practices.EnterpriseLibrary.Logging.Database.dll
    Attack Vector: system_data_dll.System.Data.IDbCommand.ExecuteNonQuery

    Scope: microsoft_practices_enterpriselibrary_data_dll.Microsoft.Practices.EnterpriseLibrary.Data.Database
    Function: int DoExecuteNonQuery(System.Data.Common.DbCommand)

    Please let us know whether there is any threat with this DLL.

    Waiting for your support.

    Thanks,

    Purushotham.A

    Tuesday, March 4, 2014 7:15 AM

Answers

  • Hello,

    The Microsoft.Practices.EnterpriseLibrary.Data.dll is a higher-level abstraction of the core ADO.NET constructs and enables the developer to complete the same tasks with a minimal amount of code.

    SQL Injection is a code injection technique that exploits a code vulnerability occurring in the database layer of an application - Wikipedia. SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.

    Even ADO.NET has the threat of SQL injection. So the Microsoft.Practices.EnterpriseLibrary.Data.dll will also have the threat of SQL injection, and we need to try our best to prevent it.

    Usually, this threat comes from text input, so we need to check the input for specific characters such as “’” and prevent them on the code side. Using SqlParameter can also prevent the SQL injection threat.

    Regards.

    Wednesday, March 5, 2014 8:22 AM
    Moderator
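
The difference the answer describes, shown with the Data Access Application Block's own `Database` API, as an added example that is not part of the original posts. The function in the scan result only executes the `DbCommand` it is handed, so what matters is how the calling code builds that command. The `AuditLog` table, `Note` column, connection string and sample input are assumptions made for illustration; no connection is opened because nothing is executed.

```csharp
using System;
using System.Data;
using System.Data.Common;
using Microsoft.Practices.EnterpriseLibrary.Data;
using Microsoft.Practices.EnterpriseLibrary.Data.Sql;

public static class AuditCommands
{
    // Vulnerable form: caller-supplied text becomes part of the SQL statement,
    // so a quote character in the input changes what the server parses.
    public static DbCommand BuildConcatenated(Database db, string note)
    {
        return db.GetSqlStringCommand(
            "INSERT INTO AuditLog (Note) VALUES ('" + note + "')");
    }

    // Hardened form: the statement text is a constant and the input travels
    // separately as a typed parameter value (a SqlParameter under SqlDatabase).
    public static DbCommand BuildParameterized(Database db, string note)
    {
        DbCommand cmd = db.GetSqlStringCommand(
            "INSERT INTO AuditLog (Note) VALUES (@note)");
        db.AddInParameter(cmd, "@note", DbType.String, note);
        return cmd;
    }

    public static void Main()
    {
        // Constructed connection string (hypothetical server and database).
        Database db = new SqlDatabase(
            "Server=(local);Database=Example;Integrated Security=true");

        // Constructed sample input containing the quote character.
        string input = "O'Brien";

        DbCommand concatenated = BuildConcatenated(db, input);
        DbCommand parameterized = BuildParameterized(db, input);

        // The concatenated text now contains an unbalanced quote from the input;
        // the parameterized text is unchanged regardless of what the input holds.
        Console.WriteLine(concatenated.CommandText);
        Console.WriteLine(parameterized.CommandText);
        Console.WriteLine(parameterized.Parameters["@note"].Value);

        // Either command would reach the flagged function through
        // db.ExecuteNonQuery(cmd); only the first carries input as SQL text.
    }
}
```

When triaging a finding like this one, review every call site that builds command text for `ExecuteNonQuery` and confirm that no request-derived string is concatenated into it.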