Re: [WEB SECURITY] SQL Injection
- From: Dan Kuykendall <dan@xxxxxxxxxxxxxx>
- Subject: Re: [WEB SECURITY] SQL Injection
- Date: Wed, 12 Jul 2006 18:58:22 -0700
Thanks for the mention.
I'm preparing the XSS episode and then will come the advanced SQL
injection one.
Mohr, James wrote:
>
> Albert,
> There is a guy named Dan Kuykendall who has a podcast on SQL injection
> (beginners) and also a hands-on site for practicing.
> http://www.mightyseek.com/category/podcasts/hands-on-series/
>
> HTH,
>
> Jim
>
> -----Original Message-----
> From: Schmidt, Albert E [mailto:AES@ola.state.md.us]
> Sent: Wednesday, July 12, 2006 1:51 PM
> To: websecurity@webappsec.org
> Subject: RE: [WEB SECURITY] SQL Injection
>
> Can anybody please provide me with advice on constructing a SQL
> Injection? I am currently auditing a web application. During the audit
> I performed a Paros scan. The Paros scan resulted in showing several
> areas where a SQL injection is possible; however, unless I can exploit a
> SQL injection then I am not able to prove that SQL injection is
> possible. I am not looking for complex statements, just something
> simple that will provide me information to prove injection is possible.
>
> If you cannot provide this information could you please provide me with
> a reference to a book or web page that can.
>
> Thank you,
>
> Albert E. Schmidt, CPA
> Senior Information System Auditor
> Office of Legislative Audits
>
> ------------------------------------------------------------------------
> ----
> The Web Security Mailing List:
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
--
Dan Kuykendall (aka Seek3r)
http://www.mightyseek.com
In God we trust, all others we virus scan.
Programmer - an organism that turns coffee into software.
Brought to you by http://www.webappsec.org