[WEB SECURITY] SQL Injection

Evans, Arian Arian.Evans at fishnetsecurity.com
Wed Jul 12 16:43:23 EDT 2006


> -----Original Message-----
> From: Schmidt, Albert E [mailto:AES at ola.state.md.us] 
> Sent: Wednesday, July 12, 2006 1:51 PM
> To: websecurity at webappsec.org
> Subject: RE: [WEB SECURITY] SQL Injection
> 
> Can anybody please provide me with advice on constructing a SQL Injection?

Depends on your database and the query.


> I performed a Paros scan.  The Paros scan resulted in showing several
> areas where a SQL injection is possible;

Possibly.

> If you cannot provide this information could you please 
> provide me with a reference to a book or web page that can.

This covers a nice range of the subject, including several step-by-step
tutorials, quite easy to follow:

http://www.google.com/search?hl=en&q=sql+injection&btnG=Google+Search

Depending on the backend you might want to add MSSQL, MySQL,
Oracle, Postgres, DB2, or Informix to the string. You won't find
much on the latter two in terms of beginner tutorial info.

-ae



 

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


