
Bugtraq mailing list archives
Paper: SQL Injection Attacks by Example
From: Steve Friedl <steve () unixwiz net>
Date: Wed, 5 Jan 2005 09:30:39 -0800
Hello folks (and Happy New Year),

I recently posted this to the PEN-TEST list, but it was suggested that
the wider Bugtraq readership might benefit from it.

During a recent security review for a customer, I was able to completely
compromise his web application in about two hours using SQL Injection,
logging in as the Chief Information Officer.

I've written a paper on SQL Injection Attacks, not so much as a tutorial,
but an illustrated overview showing the process (those with only a casual
knowledge of SQL have told me it's easy to understand).

Those who write (or test) web applications really ought to know about SQL
Injection attacks, because the bad guys certainly do.

SQL Injection Attacks by Example
http://www.unixwiz.net/techtips/sql-injection.html

Steve

--
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve () unixwiz net
