<pedrocorreia.net ⁄>
 

<Everything you wanted to know about SQL injection ⁄ >




clicks: 3405 · 2006-08-08 · programacao


But were afraid to ask. If you are a CMS user or web developer, you should know what SQL injection attacks are and how to protect your web applications against them. Hackers are using more SQL-based attacks, getting smarter about how to attack a website and using better tools. You have to get a good understanding of how their attacks work if you are going to choose the right software and keep your website secure. Here I will review several types of SQL injection attacks and how they occur, then take a look at what web developers and end users can do to prevent them.

The Types of Injection
Though they are all based on essentially the same web application security flaw, each one takes advantage of the security hole in a different manner. They differ in how much damage they can inflict, and they are not the same when it comes to the amount of time and work they take to carry out. This is all true in the case of manually trying to hack a website, but since hackers are smart they use "educational" tools to speed up their handiwork with automation. There are three forms of SQL injection attack:
  • Redirection and reshaping a query
  • Based on error messages
  • Blind injection


  • Redirection and Query Manipulation

    SQL injection can be as simple as placing additional SQL commands into a web form input box in one of the common areas of a website! SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters. This is a simple technique that can cause immediate damage to a website or allow a website to be used as an email spam device. The attacker designs a script that sends information to a URI or web form on your site whenever they want to send emails via your web server's SMTP server. Just think of how nice it is to get an email telling you that someone has received hundreds of spam emails from your website's IP address. The other type of attack in this category is entering data into a database so that the web pages are changed to send a visitor to another website. They would do this by entering characters that the web browser would parse as HTML; the HTML would contain a JavaScript or meta tag redirection to another website. The simplest technique is to just enter an apostrophe where it is unexpected, which stops a web page from loading so that a visitor gets a blank page or a simple text message.
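    As an added illustration (not part of the hiveminds article), here is the query-building mistake described above beside its hardened form, in Python with SQLite. The `users` table and the names in it are constructed for the example; the apostrophe case is the "blank page" failure the paragraph mentions, and the bound-parameter version shows why the database should never see form input as SQL text.

```python
import sqlite3

# Constructed sample data standing in for a site's users table (not from the article).
SAMPLE_USERS = [("alice", "alice@example.invalid"), ("O'Brien", "obrien@example.invalid")]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_unsafe_sql(name):
    """Vulnerable pattern: the form value is spliced into the SQL text, so any quote
    the user types becomes part of the statement the database parses."""
    return "SELECT id, name FROM users WHERE name = '" + name + "'"


def lookup_unsafe(conn, name):
    """Run the spliced query; a stray apostrophe in `name` breaks the statement
    (the blank page / error the article describes) and raises sqlite3.Error."""
    return conn.execute(build_unsafe_sql(name)).fetchall()


def lookup_safe(conn, name):
    """Hardened pattern: the value is passed as a bound parameter (the `?`
    placeholder), so the database treats it as data, never as SQL syntax."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def demo():
    """Exercise both lookups with a plain name and with one containing an apostrophe."""
    conn = make_db()
    results = {
        "unsafe_plain": lookup_unsafe(conn, "alice"),
        "safe_plain": lookup_safe(conn, "alice"),
        "safe_apostrophe": lookup_safe(conn, "O'Brien"),
    }
    try:
        results["unsafe_apostrophe"] = lookup_unsafe(conn, "O'Brien")
        results["unsafe_apostrophe_raised"] = False
    except sqlite3.Error as err:  # the apostrophe changed the shape of the statement
        results["unsafe_apostrophe"] = "error: %s" % err
        results["unsafe_apostrophe_raised"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The same legitimate input ("O'Brien") is answered correctly by the parameterized query and turns into a database error for the string-built one; with hostile input the spliced version would instead run whatever statement the text now forms.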



    this is just a small excerpt from the article; to access the full article, please click on the link below:

    http://www.hiveminds.co.uk/node/3104/



