RE: [WEB SECURITY] SQL Injection:Paros and patent violation
- From: MKP <secqrity@xxxxxxxxx>
- Subject: RE: [WEB SECURITY] SQL Injection:Paros and patent violation
- Date: Thu, 13 Jul 2006 02:10:13 -0700 (PDT)
I have a query on usage of Paros.
Since Paros has a feature to scan for web application vulnerabilities like SQL Injection, XSS, etc., does the usage of Paros infringe the patent being held by Sanctum (now Watchfire) - US Patent Number 6,584,569?
What restrictions can a patent impose on open source tools (their usage) that have implemented the patented features?
Please share your thoughts.
Regards
MKP
-----Original Message-----
From: Schmidt, Albert E [mailto:AES@ola.state.md.us]
Sent: Thursday, July 13, 2006 12:21 AM
To: websecurity@webappsec.org
Subject: RE: [WEB SECURITY] SQL Injection
Can anybody please provide me with advice on constructing a SQL
Injection? I am currently auditing a web application. During the audit
I performed a Paros scan. The Paros scan resulted in showing several
areas where a SQL injection is possible; however, unless I can exploit a
SQL injection then I am not able to prove that SQL injection is
possible. I am not looking for complex statements, just something
simple that will provide me information to prove injection is possible.
If you cannot provide this information could you please provide me with
a reference to a book or web page that can.
Thank you,
Albert E. Schmidt, CPA
Senior Information System Auditor
Office of Legislative Audits
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]