[WEB SECURITY] SQL Injection

Mohr, James James.Mohr at ParkNicollet.com
Wed Jul 12 15:48:30 EDT 2006


 
Albert,
  There is a guy named Dan Kuykendall who has a podcast on SQL injection
(beginners) and also a hand's on site for practicing.
http://www.mightyseek.com/category/podcasts/hands-on-series/  

HTH,

Jim

-----Original Message-----
From: Schmidt, Albert E [mailto:AES at ola.state.md.us] 
Sent: Wednesday, July 12, 2006 1:51 PM
To: websecurity at webappsec.org
Subject: RE: [WEB SECURITY] SQL Injection

Can anybody please provide me with advice on constructing a SQL
Injection? I am currently auditing a web application.  During the audit
I performed a Paros scan.  The Paros scan resulted in showing several
area's were a SQL injection is possible; however, unless I can exploit a
SQL injection then I am not able to prove that SQL injection is
possible.  I am not looking for complex statements, just something
simple that will provide me information to prove injection is possible.

If you cannot provide this information could you please provide me with
a reference to a book or web page that can.

Thank you,

Albert E. Schmidt, CPA
Senior Information System Auditor
Office of Legislative Audits

------------------------------------------------------------------------
----
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list