Re: [WEB SECURITY] SQL Injection

["Joel R. Helgeson" <joel@xxxxxxxxxxxx>]

Visit www.appiant.net, watch the videos there.

Joel
----- Original Message ----- 
From: "Schmidt, Albert E" <AES@xxxxxxxxxxxxxxx>
To: <websecurity@xxxxxxxxxxxxx>
Sent: Wednesday, July 12, 2006 1:50 PM
Subject: RE: [WEB SECURITY] SQL Injection


Can anybody please provide me with advice on constructing a SQL
Injection? I am currently auditing a web application.  During the audit
I performed a Paros scan.  The Paros scan resulted in showing several
area's were a SQL injection is possible; however, unless I can exploit a
SQL injection then I am not able to prove that SQL injection is
possible.  I am not looking for complex statements, just something
simple that will provide me information to prove injection is possible.

If you cannot provide this information could you please provide me with
a reference to a book or web page that can.

Thank you,

Albert E. Schmidt, CPA
Senior Information System Auditor
Office of Legislative Audits

----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]