[WEB SECURITY] SQL Injection

Dennis Panduro Rand der at cirt.dk
Sat Jul 22 06:25:00 EDT 2006


Hey there

Depending on what SQL database there is you can look at the following link
http://www.securiteam.com/tools/5HP011FHPO.html

Regards
Dennis Rand
CIRT.DK 

-----Original Message-----
From: Schmidt, Albert E [mailto:AES at ola.state.md.us] 
Sent: Wednesday, July 12, 2006 8:51 PM
To: websecurity at webappsec.org
Subject: RE: [WEB SECURITY] SQL Injection

Can anybody please provide me with advice on constructing a SQL Injection? I
am currently auditing a web application.  During the audit I performed a
Paros scan.  The Paros scan resulted in showing several area's were a SQL
injection is possible; however, unless I can exploit a SQL injection then I
am not able to prove that SQL injection is possible.  I am not looking for
complex statements, just something simple that will provide me information
to prove injection is possible.

If you cannot provide this information could you please provide me with a
reference to a book or web page that can.

Thank you,

Albert E. Schmidt, CPA
Senior Information System Auditor
Office of Legislative Audits

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]





----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list