pedrocorreia.net

SQL Injection Walkthrough

clicks: 4104 | 2006-10-16 | myNews tecnologia


When a machine has only port 80 open, your most trusted vulnerability scanner cannot return anything useful, and you know the admin always patches his server, we have to turn to web hacking. SQL injection is one type of web hacking that requires nothing but port 80, and it might just work even if the admin is patch-happy. It attacks the web application itself (ASP, JSP, PHP, CGI, etc.) rather than the web server or the services running on the OS.

This article does not introduce anything new; SQL injection has been widely written about and used in the wild. We wrote the article because we would like to document some of our pen-tests using SQL injection and hope that it may be of some use to others. You may find a trick or two, but please check out "9.0 Where can I get more info?" for the people who truly deserve credit for developing many of the techniques in SQL injection.

1.1 What is SQL Injection?
It is a trick to inject SQL queries/commands as input, possibly via web pages. Many web pages take parameters from the web user and make a SQL query to the database. Take for instance a user login: the web page takes the user name and password and makes a SQL query to the database to check whether the user has a valid name and password. With SQL injection, it is possible for us to send a crafted user name and/or password field that will change the SQL query and thus grant us something else.

1.2 What do you need?
Any web browser.
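As an added illustration of the login example in 1.1 (this is not code from the SecuriTeam article), the same login check is built two ways against a constructed in-memory SQLite table: by splicing the submitted fields into the query text, and with bound parameters. The table contents and the crafted password value are assumptions for the demo; the point is that a value which rewrites the WHERE clause in the first form is just an ordinary, non-matching string in the second.

```python
import sqlite3


def make_db():
    # Constructed demo table: one user, plaintext password for brevity only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def vulnerable_sql(name, password):
    # Fields are concatenated into the SQL text, so a quote in the input
    # closes the string literal and the rest becomes part of the query grammar.
    return ("SELECT name FROM users WHERE name = '" + name
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, name, password):
    return conn.execute(vulnerable_sql(name, password)).fetchone() is not None


def login_parameterized(conn, name, password):
    # The query text is fixed; the values are sent separately as bound
    # parameters, so nothing in them can change the statement's structure.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def demo():
    conn = make_db()
    # Constructed password field: the quote ends the literal and the tail
    # adds an always-true condition to the WHERE clause of the spliced query.
    crafted = "' OR '1'='1"
    return {
        "valid_vuln": login_vulnerable(conn, "alice", "correct-horse"),
        "valid_safe": login_parameterized(conn, "alice", "correct-horse"),
        "crafted_vuln": login_vulnerable(conn, "alice", crafted),
        "crafted_safe": login_parameterized(conn, "alice", crafted),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(case, "->", "accepted" if accepted else "rejected")
```

Printing `vulnerable_sql("alice", "' OR '1'='1")` shows the rewritten statement, which is also what an application log or WAF would see in the concatenated version and what never reaches the database in the parameterized one.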

.....



This is just a small excerpt from the article; to access the full article, please click on the link below:

http://www.securiteam.com/securityreviews/5DP0N1P76E.html








