Penetration Testing mailing list archives
SQL Injection Attacks by Example
From: Steve Friedl <steve () unixwiz net>
Date: Sun, 2 Jan 2005 10:45:02 -0800
Hello listmates, I've written what I think is a decent introduction to the topic, mainly intended to "make real" the danger to a web developer who has heard of the subject but not actually really dug in. I talk about a test where I had to penetrate a web application, and it wasn't "just one step" - the steps before compromise were mostly interesting too. Unixwiz.net Tech Tip: SQL Injection Attacks by Example http://www.unixwiz.net/techtips/sql-injection.html Nothing here is new or groundbreaking, but I gave an onsite presentation of this to the customer involved, and it seemed to be a fairly vivid experience watching their application completely compromised right before their eyes. Happy New Year! Steve --- Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561 www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve () unixwiz net
Current thread:
- SQL Injection Attacks by Example Steve Friedl (Jan 02)