String-based Attacks Demystified
by Herbert H. Thompson and James A. Whittaker

Listing One

<HTML>
<SCRIPT>
checkval=new RegExp("[\-\'\;]");
function validate(){
    if (checkval.test(form1.Acct.value)){ 
        alert("Account names and passwords should only
            contain numbers and letters");
        event.returnValue=false;
    }
    if (checkval.test(form1.Pin.value)){ 
        alert("Account names and passwords should only
            contain numbers and letters");
        event.returnValue=false;
    }
}
  ...
<FORM name="form1" action="process.asp" method="post" onsubmit="validate();">
 ...
<TD>Account</TD>
<TD><INPUT type="text" name="Acct" size="20"></TD>
</TR><TR>
<TD>Pin #</TD>
<TD><INPUT type="password" name="Pin" size="20"></TD>
 ...
</FORM>
</HTML>


Listing Two

<%@ LANGUAGE = VBScript %>
<% Option Explicit  %>
<%
 ...
    QueryName = "SELECT * FROM Records WHERE Username = '" 
    QueryName = QueryName & Request.Form("Acct") & "' and   Pin = '" & 
    Request.Form("Pin") & "'"       
    Set oRs = oConn.Execute(QueryName)
%> Your Records</p>
<TABLE border = 1>
<%  
    Do while (Not oRs.eof) %>
        <tr>
        <% For Index=0 to (oRs.fields.count-1) %>
        <TD VAlign=top><% = oRs(Index)%>&nbsp;</TD>
        <% Next %>
        </tr>
    <% oRs.MoveNext 
Loop 
%>
 ...





2

