Unicorn injected my T-SQL code

SQL Injection is a very known problem. After brief unicorn discussion on twitter with @DBArgenis and @way0utwest. I came to work today to find my T-SQL Code being injected by a unicorn!

Yes. By a unicorn. I quickly managed to find a work-around.

unicorn

and a work-in-progress T-SQL code:

DECLARE @string VARCHAR(1000);

SET @string = '

						  *
                         *
                    *** *
                  ,******
       ,,...     .,***"**)
      *  ****sp_who***** ""
      .* *****************  
     "  .**"**      *  .*
        *** (*      *  "
         *   *)      *
         *,   **     **   
'			    

			
SET @STRING =  LTRIM(RTRIM(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(@string, ',',''),'(',''),')',''),'.',''),'"',''),'*',''),CHAR(32),''),CHAR(9),''),CHAR(10),''),CHAR(13),'')))
EXEC @STRING

I hope pixies and fairies will not pay me a visit tomorrow.

Advertisements