[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [WEB SECURITY] SQL Injection
- From: "Dennis Panduro Rand" <der@xxxxxxx>
- Subject: RE: [WEB SECURITY] SQL Injection
- Date: Sat, 22 Jul 2006 12:25:00 +0200
Hey there
Depending on what SQL database there is you can look at the following link
http://www.securiteam.com/tools/5HP011FHPO.html
Regards
Dennis Rand
CIRT.DK
-----Original Message-----
From: Schmidt, Albert E [mailto:AES@xxxxxxxxxxxxxxx]
Sent: Wednesday, July 12, 2006 8:51 PM
To: websecurity@xxxxxxxxxxxxx
Subject: RE: [WEB SECURITY] SQL Injection
Can anybody please provide me with advice on constructing a SQL Injection? I
am currently auditing a web application. During the audit I performed a
Paros scan. The Paros scan resulted in showing several area's were a SQL
injection is possible; however, unless I can exploit a SQL injection then I
am not able to prove that SQL injection is possible. I am not looking for
complex statements, just something simple that will provide me information
to prove injection is possible.
If you cannot provide this information could you please provide me with a
reference to a book or web page that can.
Thank you,
Albert E. Schmidt, CPA
Senior Information System Auditor
Office of Legislative Audits
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org