December 27, 2004
Tech Tip: SQL Injection Attacks by Example
I recently did a penetration test for a customer, and for the first time was able to really go to town with SQL Injection to leverage access to a web application. SQL Injection is providing bogus input to a web form and getting my own input data treated as SQL, and it only works when the application does not properly sanitize input forms (sadly, a common malady).
The process was pretty interesting to me, and on the chance it might be to others, I wrote a Tech Tip that detailed the steps I took to gradually work my way inside.
Unixwiz.net Tech Tip: SQL Injection Attacks by Example
Posted by steve at December 27, 2004 05:41 PM
Trackback Pings
Listed below are links to weblogs that reference Tech Tip: SQL Injection Attacks by Example:
» SQL Injection Attacks by Example from David, A Random Things Developer
Steve Friedl has published a tech tip on SQL injection. Although this was done with MSSQL as the target, it is worth looking into since the same can be done with MySQL and others.
Tracked on December 31, 2004 05:51 AM
Comments
Excellent article Steve.
Posted by: dmonnier at January 18, 2005 08:50 PM
Steve,
I liked your article, but you never mentioned using regex to validate the user input. If you use regex, you can check the string the user entered and therefore easily determine if they have entered anything other than an email address [even though the email address may not be a valid address].
Posted by: Chris at May 5, 2005 11:39 AM
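The regex-validation idea raised in the comments, as an added example (not code from the post, the linked Tech Tip, or any commenter): a format check and a bound parameter do different jobs, because a syntactically valid address may contain an apostrophe. The regex, the `members` table and the function names are assumptions, and SQLite stands in for the database.

```python
import re
import sqlite3

# Assumed email shape check; apostrophes are legal in an address's local part.
EMAIL_RE = re.compile(
    r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+"
)


def is_email(value):
    """Return True when the whole string has the shape of an email address."""
    return EMAIL_RE.fullmatch(value) is not None


def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (email TEXT, passwd TEXT)")
    db.executemany(
        "INSERT INTO members VALUES (?, ?)",
        [("bob@example.com", "h1"), ("o'brien@example.com", "h2")],
    )
    return db


def lookup_concat(db, email):
    """'Before' form: input passes the regex, then is pasted into the SQL text."""
    if not is_email(email):
        return None
    sql = "SELECT email FROM members WHERE email = '" + email + "'"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # The quote in a valid address reached the SQL parser as syntax.
        return "SQL error: %s" % exc


def lookup_bound(db, email):
    """Hardened form: same format check, but the value is bound as data."""
    if not is_email(email):
        return None
    return db.execute(
        "SELECT email FROM members WHERE email = ?", (email,)
    ).fetchall()
```

The format check still earns its place as input hygiene; the bound parameter is what keeps the value out of the SQL grammar.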