Home/ Questions/Q 8903615
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T01:54:47+00:00

I am looking for backdoors in various softwares and wondering if the following code

  • 0

I am looking for backdoors in various softwares and wondering if the following code is vulnerable to a sql injection.

There’s an email field with the following validation expression. (ASPX/CS)

ValidationExpression="\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*">

Is it possible to exploit the above to drop a table for example or do anything malicious using a SQL injection?

Thanks
Regards

EDIT 1: People have asked me how this was implemented —

SqlConnection conn = new SqlConnection(snpConnectionString);
SqlCommand command = conn.CreateCommand();
conn.Open();
command.CommandText = "INSERT INTO TABLE_ VALUES ('" + TextBoxFN.Text + "','" + TextBoxLN.Text + "','" + sb1.ToString() + "','" + TextBoxEA.Text + "','" + sb.ToString() + "',0,'" + DateTime.Now + "')";
try{
    SqlDataReader reader = command.ExecuteReader();
}
catch
{
    Response.Redirect("Error.aspx", true);
}

TextBoxEA.text corresponds to the email address.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Regular expression validation is great for the UI or business layer to check user input to prevent errors.

    It is less great for preventing SQL injection.

    If the code does not use parameterized queries, it is vulnerable either now, or later after someone makes a minor error updating the regular expression to conform to a new business requirement.

    • 0