<pedrocorreia.net ⁄>

<Everything you wanted to know about SQL injection ⁄ >

clicks: 3797 · 2006-08-08 · programacao

But were afraid to ask. If you are a CMS user or web developer, you should know what SQL injection attacks are and how to protect your web applications against them. Hackers are using more SQL-based attacks, getting smarter about how to attack a website, and using better tools. You need a good understanding of how their attacks work if you are going to choose the right software and keep your website secure. Here I will review several types of SQL injection attack and how they occur, then take a look at what web developers and end users can do to prevent them.

The Types of Injection
They are all based on essentially the same web application security flaw, but each one takes advantage of the security hole in a different manner. They differ in the level of damage they can inflict and in the amount of time and work they take to implement. This is all true in the case of manually trying to hack a website, but since hackers are smart, they use "educational" tools to speed up their handiwork with automation. There are three forms of SQL injection attack:
  • Redirection and reshaping a query
  • Based on error messages
  • Blind injection

Redirection and Query Manipulation

SQL injection can be as simple as placing additional SQL commands into a web form input box in one of the common areas of a website! It is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters. This simple technique can cause immediate damage to a website or allow the website to be used as an email spam device. The attacker designs a script that sends information to a URI or web form on your site whenever they want to send emails via your web server's SMTP server. Just think of how nice it is to get an email telling you that someone has received hundreds of spam emails from your website's IP address. The other type of attack in this category is entering data into a database so that the web pages are changed to send a visitor to another website. The attacker does this by entering characters that the web browser will parse as HTML; the HTML contains a JavaScript or meta tag redirection to another website. The simplest technique is to just enter an apostrophe where it is unexpected, which stops a web page from loading so that a visitor gets a blank page or a simple text message.
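The failure described above, next to its fix, as an added example that is not part of the original article: a query built by pasting client-supplied text into the SQL breaks on a stray apostrophe, while a parameterized query stores the same input as data, and escaping on output keeps stored markup from being parsed as HTML. The `comments` table, the function names and the `example.invalid` URL are assumptions made for illustration.

```python
import html
import sqlite3


def make_db():
    # In-memory database standing in for a CMS comment table (assumed schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    return db


def add_comment_concat(db, author, body):
    # The 'before': client-supplied data becomes part of the SQL text itself,
    # so any quote character in the input changes how the statement parses.
    sql = "INSERT INTO comments (author, body) VALUES ('%s', '%s')" % (author, body)
    db.execute(sql)


def add_comment_bound(db, author, body):
    # The fix: placeholders send the values separately from the SQL text,
    # so they can never be read as SQL syntax.
    db.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))


def render_comments(db):
    # Escape on output so stored markup is shown as text, not parsed as HTML.
    rows = db.execute("SELECT author, body FROM comments ORDER BY rowid").fetchall()
    return ["<p><b>%s</b>: %s</p>" % (html.escape(a), html.escape(b)) for a, b in rows]


def demo():
    db = make_db()
    results = {}
    try:
        # Constructed input: an ordinary surname containing an apostrophe.
        add_comment_concat(db, "O'Brien", "hello")
        results["concat"] = "stored"
    except sqlite3.OperationalError:
        # The unexpected apostrophe ends the string early: the page fails to load.
        results["concat"] = "error"
    add_comment_bound(db, "O'Brien", "hello")
    # Constructed input: markup of the kind the article says gets stored.
    add_comment_bound(db, "guest", '<meta http-equiv="refresh" content="0;url=//example.invalid/">')
    results["rows"] = db.execute("SELECT COUNT(*) FROM comments").fetchone()[0]
    results["html"] = render_comments(db)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```
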

This is just a small excerpt from the article; to access the full article, please click the link below:

