
Learning Pentesting for Android Devices by Aditya Gupta


Security vulnerability

Injection-based vulnerabilities are among the most common vulnerabilities in both web applications and mobile applications. SQLite is also exposed to injection when the input given by the user is used as is, or with little but insufficient protection, in a dynamic SQL query.

Let's have a look at the SQL query used to query the data in the application, as shown here:

String getSQL = "SELECT * FROM " + tableName + " WHERE " + 
username + " = '" + uname + "' AND " + password + " = '" + pword + 
"'";
Cursor cursor = dataBase.rawQuery(getSQL , null);

In the preceding SQL query, the uname and pword fields are being passed from the user input directly into the SQL query, which is then executed using the rawQuery ...
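The same query shape run against SQLite through Python's sqlite3 module, as an added example that is not from the book; the table and column names and the sample rows are constructed assumptions. It puts the concatenated form beside a bound-parameter form; on Android the equivalent is to write ? placeholders in the SQL and pass the values in the second argument of rawQuery.

```python
import sqlite3

# Constructed schema and rows; the names are assumptions, not the book's.
TABLE, USER_COL, PASS_COL = "users", "username", "password"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE {TABLE} ({USER_COL} TEXT, {PASS_COL} TEXT)")
    db.executemany(f"INSERT INTO {TABLE} VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_concatenated(db, uname, pword):
    # Same construction as the page's getSQL: input becomes SQL text.
    sql = ("SELECT * FROM " + TABLE + " WHERE " + USER_COL + " = '" + uname +
           "' AND " + PASS_COL + " = '" + pword + "'")
    return db.execute(sql).fetchall()

def login_bound(db, uname, pword):
    # Placeholders keep the statement fixed; input is bound as data only.
    sql = f"SELECT * FROM {TABLE} WHERE {USER_COL} = ? AND {PASS_COL} = ?"
    return db.execute(sql, (uname, pword)).fetchall()

def compare(uname, pword):
    """Return (rows_concatenated, rows_bound); None marks an SQL error."""
    db = make_db()
    try:
        concatenated = login_concatenated(db, uname, pword)
    except sqlite3.Error:
        concatenated = None
    return concatenated, login_bound(db, uname, pword)

if __name__ == "__main__":
    cases = [("alice", "s3cret"),        # valid credentials
             ("alice", "wrong"),         # wrong password
             ("o'neil", "x"),            # stray quote breaks the statement
             ("alice", "' OR '1'='1")]   # quote changes the WHERE logic
    for uname, pword in cases:
        print(repr(uname), repr(pword), compare(uname, pword))
```

With the bound form, a quote in the input never reaches the SQL parser, so the last two cases simply match no row.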
