Date: Wed, 5 Jan 2005 09:30:39 -0800
From: Steve Friedl <steve@...xwiz.net>
To: bugtraq@...urityfocus.com
Subject: Paper: SQL Injection Attacks by Example

Hello folks (and Happy New Year),

I recently posted this to the PEN-TEST list, but it was suggested that the wider Bugtraq readership might benefit from it.

During a recent security review for a customer, I was able to completely compromise his web application in about two hours using SQL Injection, logging in as the Chief Information Officer.

I've written a paper on SQL Injection Attacks, not so much as a tutorial, but an illustrated overview showing the process (those with only a casual knowledge of SQL have told me it's easy to understand).

Those who write (or test) web applications really ought to know about SQL Injection attacks, because the bad guys certainly do.

SQL Injection Attacks by Example
http://www.unixwiz.net/techtips/sql-injection.html

Steve

--
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve@...xwiz.net