Home/ Questions/Q 3633146
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T00:36:57+00:00

Is SQL injection a threat with WMI? For example: Given the following code, if

  • 0

Is SQL injection a threat with WMI?

For example:

Given the following code, if domainName is provided externally and not sanitised, what could a malicious attacker potentially achieve?

string domainName = "user-inputted-domain.com";
string wql = "SELECT * 
    FROM MicrosoftDNS_ATYPE
    WHERE OwnerName = '" + domainName + "'";
// perform WMI query here...

If it is a threat, which I imagine it is, what would be the best way to defend against it in lieu of not using a normal parameterised query like I would with LINQ? Would simply stripping out any ['] characters do the trick?

And on a different note, are there any LINQ extensions for querying WMI which would address this?

Edit: Found the SelectQuery class. Haven’t tried it yet, but it seems to have more robust query-building capabilities, e.g. a Condition property.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s vulnerable in the same way, in that they could input any arbitrary conditions after that. Think if they put in foo' OR SomeOtherField='bar as their input. However, I don’t think you can do multiple WQL queries in one single string so it may not have the same “attack surface” so to speak, since WQL is such a small subset of SQL.

    So, the attack method would still work, yes. What exact risks that exposes you to depends on some of the following things:

    • Could a would-be attacker prematurely terminate your WQL statement and then insert their own?
    • Could they adjust the filter to release more data than you want (as I mentioned above)?
    • probably lots of others I haven’t thought of
    • 0