Message-ID: <20050105173039.GA4082@linux.unixwiz.net>
Date: Wed, 5 Jan 2005 09:30:39 -0800
From: Steve Friedl <steve@...xwiz.net>
To: bugtraq@...urityfocus.com
Subject: Paper: SQL Injection Attacks by Example


Hello folks (and Happy New Year),

I recently posted this to the PEN-TEST list, but it was suggested that
the wider Bugtraq readership might benefit from it.

During a recent security review for a customer, I was able to completely
compromise his web application in about two hours using SQL Injection,
logging in as the Chief Information Officer.

I've written a paper on SQL Injection Attacks, not so much as a tutorial,
but an illustrated overview showing the process (those with only a casual
knowledge of SQL have told me it's easy to understand).

Those who write (or test) web applications really ought to know about SQL
Injection attacks, because the bad guys certainly do.

	SQL Injection Attacks by Example
	http://www.unixwiz.net/techtips/sql-injection.html

Steve

-- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve@...xwiz.net

