Authorization Bypass Through User-Controlled SQL Primary Key
The user can't get access to the software database but is able to control and modify a primary key of a SQL statement.
Errors of database access control take place when:
1. The data source is untrusted;
2.The data specifies the value of a primary key in a SQL query.
3. The untrusted source isn't alowed to access certain records of database table.
The weakness is introduced during Architecture and Design, Implementation stages.
Errors of database access control take place when:
1. The data source is untrusted;
2.The data specifies the value of a primary key in a SQL query.
3. The untrusted source isn't alowed to access certain records of database table.
The weakness is introduced during Architecture and Design, Implementation stages.