RE: [WEB SECURITY] SQL Injection

["Evans, Arian" <Arian.Evans@xxxxxxxxxxxxxxxxxxx>]

> -----Original Message-----
> From: Schmidt, Albert E [mailto:AES@xxxxxxxxxxxxxxx] 
> Sent: Wednesday, July 12, 2006 1:51 PM
> To: websecurity@xxxxxxxxxxxxx
> Subject: RE: [WEB SECURITY] SQL Injection
> 
> Can anybody please provide me with advice on constructing a SQL Injection?

Depends on your database and the query.


> I performed a Paros scan.  The Paros scan resulted in showing several
> area's were a SQL injection is possible;

Possibly.

> If you cannot provide this information could you please 
> provide me with a reference to a book or web page that can.

This covers a nice range of the subject, including several step by
step tutorials quite easy to follow:

http://www.google.com/search?hl=en&q=sql+injection&btnG=Google+Search

Depending on the backend you might want to add MSSQL, MySQL,
Oracle, Postgress, DB2, or Informix the string. You won't find
much on the latter two in terms of beginner tutorial info.

-ae



 

----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]