Comments on: Is Amazon SimpleDB Injection Attack Safe? http://www.typemismatch.com/2009/09/18/is-amazon-simpledb-injection-attack-safe/ just a projection of my own imagination Sat, 04 Feb 2012 14:38:00 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Chris Moschini http://www.typemismatch.com/2009/09/18/is-amazon-simpledb-injection-attack-safe/comment-page-1/#comment-5705 Chris Moschini Thu, 18 Feb 2010 03:38:44 +0000 http://www.typemismatch.com/?p=197#comment-5705 It seems the following attack is viable on SimpleDB: Text field value: ' or a is null or a = 1' If you used this as part of the where clause without escaping single quotes, the quotes would escape your code's quotes and effectively eliminate all constraints on the data returned. I'm not sure there are ways to inject more columns though, and there's certainly no delete injection. It seems the following attack is viable on SimpleDB:

Text field value:
‘ or a is null or a = 1′

If you used this as part of the where clause without escaping single quotes, the quotes would escape your code’s quotes and effectively eliminate all constraints on the data returned.

I’m not sure there are ways to inject more columns though, and there’s certainly no delete injection.

]]>