[WEB SECURITY] SQL Injection

Dan Kuykendall dan at kuykendall.org
Wed Jul 12 21:58:22 EDT 2006


Thanks for the mention.

I'm preparing the XSS episode, and then will come the advanced SQL
injection one.

Mohr, James wrote:
>  
> Albert,
>   There is a guy named Dan Kuykendall who has a podcast on SQL injection
> (beginners) and also a hands-on site for practicing.
> http://www.mightyseek.com/category/podcasts/hands-on-series/  
> 
> HTH,
> 
> Jim
> 
> -----Original Message-----
> From: Schmidt, Albert E [mailto:AES at ola.state.md.us] 
> Sent: Wednesday, July 12, 2006 1:51 PM
> To: websecurity at webappsec.org
> Subject: RE: [WEB SECURITY] SQL Injection
> 
> Can anybody please provide me with advice on constructing a SQL
> Injection? I am currently auditing a web application.  During the audit
> I performed a Paros scan.  The Paros scan resulted in showing several
> areas where a SQL injection is possible; however, unless I can exploit a
> SQL injection then I am not able to prove that SQL injection is
> possible.  I am not looking for complex statements, just something
> simple that will provide me information to prove injection is possible.
> 
> If you cannot provide this information could you please provide me with
> a reference to a book or web page that can.
> 
> Thank you,
> 
> Albert E. Schmidt, CPA
> Senior Information System Auditor
> Office of Legislative Audits
> 
> ----------------------------------------------------------------------------
> The Web Security Mailing List: 
> http://www.webappsec.org/lists/websecurity/
> 
> The Web Security Mailing List Archives: 
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> 

-- 
Dan Kuykendall (aka Seek3r)
http://www.mightyseek.com

In God we trust, all others we virus scan.
Programmer - an organism that turns coffee into software.