<pedrocorreia.net ⁄>
 

<Everything you wanted to know about SQL injection ⁄ >




2006-08-08


But were afraid to ask. If you are a CMS user or web developer, then you should know what SQL injection attacks are and how to protect your web applications against them. Hackers are using more SQL-based attacks, getting smarter about how to attack a website, and using better tools. You need a good understanding of how their attacks work if you are going to choose the right software and keep your website secure. Here I will review several types of SQL injection attacks and how they occur, then take a look at what web developers and end users can do to prevent them.

The Types of Injection
Though they are all based on essentially the same web application security flaw, each one takes advantage of the security hole in a different manner. They differ in the level of damage they can inflict and in the amount of time and work they take to implement. This is all true in the case of manually trying to hack a website. But since hackers are smart, they use "educational" tools to speed up their handiwork with automation. There are three forms of SQL injection attack:
  • Redirection and reshaping a query

  • Based on error messages

  • Blind injection


  • Redirection and Query Manipulation

    SQL injection can be as simple as placing additional SQL commands into a web form input box in one of the common areas of a website! SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters. This is a simple technique that can cause immediate damage to a website or allow the use of a website as an email spam device. The attacker designs a script that sends information to a URI or web form on your site whenever they want to send emails via your web server's SMTP server. Just think of how nice it is to get an email telling you that someone has received hundreds of spam emails from your website's IP address. The other type of attack in this category is entering data into a database so that the web pages are changed to send a visitor to another website. The attacker does this by entering characters that the web browser will parse as HTML. The HTML would contain a JavaScript or meta tag redirection to another website. The simplest technique is to just enter an apostrophe where it is unexpected to stop a web page from loading, so that a visitor gets a blank page or a simple text message.



    This is just a small excerpt from the article; to access the full article, please click the link below:

    http://www.hiveminds.co.uk/node/3104/



