[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [WEB SECURITY] SQL Injection
- From: "Mohr, James" <James.Mohr@xxxxxxxxxxxxxxxx>
- Subject: RE: [WEB SECURITY] SQL Injection
- Date: Wed, 12 Jul 2006 14:48:30 -0500
Albert,
There is a guy named Dan Kuykendall who has a podcast on SQL injection
(beginners) and also a hand's on site for practicing.
http://www.mightyseek.com/category/podcasts/hands-on-series/
HTH,
Jim
-----Original Message-----
From: Schmidt, Albert E [mailto:AES@xxxxxxxxxxxxxxx]
Sent: Wednesday, July 12, 2006 1:51 PM
To: websecurity@xxxxxxxxxxxxx
Subject: RE: [WEB SECURITY] SQL Injection
Can anybody please provide me with advice on constructing a SQL
Injection? I am currently auditing a web application. During the audit
I performed a Paros scan. The Paros scan resulted in showing several
area's were a SQL injection is possible; however, unless I can exploit a
SQL injection then I am not able to prove that SQL injection is
possible. I am not looking for complex statements, just something
simple that will provide me information to prove injection is possible.
If you cannot provide this information could you please provide me with
a reference to a book or web page that can.
Thank you,
Albert E. Schmidt, CPA
Senior Information System Auditor
Office of Legislative Audits
------------------------------------------------------------------------
----
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org
Search this site
|