[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] SQL Injection

From: "Schmidt, Albert E" <AES@xxxxxxxxxxxxxxx>
Subject: RE: [WEB SECURITY] SQL Injection
Date: Wed, 12 Jul 2006 14:50:48 -0400

Can anybody please provide me with advice on constructing a SQL
Injection? I am currently auditing a web application.  During the audit
I performed a Paros scan.  The Paros scan resulted in showing several
area's were a SQL injection is possible; however, unless I can exploit a
SQL injection then I am not able to prove that SQL injection is
possible.  I am not looking for complex statements, just something
simple that will provide me information to prove injection is possible.

If you cannot provide this information could you please provide me with
a reference to a book or web page that can.

Thank you,

Albert E. Schmidt, CPA
Senior Information System Auditor
Office of Legislative Audits

----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- RE: [WEB SECURITY] SQL Injection
  - From: Will Jefferies
- Re: [WEB SECURITY] SQL Injection
  - From: Joel R. Helgeson
- Re: [WEB SECURITY] SQL Injection
  - From: J. Santosh Kumar
- RE: [WEB SECURITY] SQL Injection
  - From: Dennis Panduro Rand

References:
- RE: [WEB SECURITY] application security consulting
  - From: robert

Prev by Date: RE: [WEB SECURITY] application security consulting
Next by Date: RE: [WEB SECURITY] SQL Injection
Previous by thread: RE: [WEB SECURITY] application security consulting
Next by thread: RE: [WEB SECURITY] SQL Injection
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org