Penetration Testing mailing list archives
Re: sql injection: url or form based?
From: dork () gmx at
Date: Fri, 10 Feb 2006 20:13:15 +0100
hi!

basically, sql injection may occur on any variable that does not come from the application itself to be written into a database via sql. the easiest way is GET variables, followed by POST. but do not forget values in cookies and/or maybe various other HTTP headers (referer, user-agent, language preferences) that might be written to a database for statistical reasons, validations, or accessed for session handling. not to forget raw post requests containing xml, xml-rpc, soap or some binary format used by flash, filenames in upload forms. depending on the setup of webserver and application, even variables passed by the httpd to the script interpreter/application can be used for injections (e.g. $_SERVER in php cannot be fully trusted). or in general: any value given by the user may be vulnerable to injections and overflows.

ad essential differences: GET is easier, does not need an extra client or extra work to test and it's the place to start at. in some environments, the transport of a key-value pair is not visible to a web app (e.g. autoglobals). in this case, a deleted cookie can be replaced by url manipulation (following GPC order).

i'd recommend the usage of curl and the firefox tamper-data extension for tests above GET.

have a nice weekend.

On Friday 10 February 2006 07:06, johnny Mnemonic wrote:
I see many references to manipulation of SQL backend databases through both URL based and Forms based SQL injection but I'm wondering what are the essential differences between both methods and when to use one over the other. Thanks.
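Added example, not part of the original post: a Python/sqlite3 sketch of the two points in the reply above, namely that a GPC-order merge hides which transport a value arrived on, and that a header value logged for statistics is as injectable as a GET variable unless it is bound as a parameter. The `visits` table, the helper names and the request values are constructed for illustration.

```python
import sqlite3

def merge_gpc(get, post, cookie):
    """Merge request inputs in GPC order (later source wins), the way
    PHP-style auto-globals do; the app no longer sees the transport."""
    merged = {}
    for source in (get, post, cookie):
        merged.update(source)
    return merged

def new_db():
    # Hypothetical statistics table, created in memory for the demo.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (sid TEXT, user_agent TEXT, trusted INTEGER)")
    return db

def log_visit_unsafe(db, sid, user_agent):
    # Vulnerable: request values are concatenated into the SQL text.
    db.execute(f"INSERT INTO visits VALUES ('{sid}', '{user_agent}', 0)")

def log_visit_safe(db, sid, user_agent):
    # Hardened: values are bound as parameters, whatever their source.
    db.execute("INSERT INTO visits VALUES (?, ?, 0)", (sid, user_agent))

def run_demo():
    # Constructed request: no cookie is sent, so the sid given in the URL
    # is the one the application sees after the merge.
    params = merge_gpc(get={"sid": "from-url"}, post={}, cookie={})
    # Constructed User-Agent header value carrying SQL syntax.
    user_agent = "Mozilla', 1) --"
    results = {}
    for name, log in (("unsafe", log_visit_unsafe), ("safe", log_visit_safe)):
        db = new_db()
        log(db, params["sid"], user_agent)
        results[name] = db.execute("SELECT * FROM visits").fetchall()
    return results

if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(name, rows)
```

In the unsafe variant the header value rewrites the statement and sets the `trusted` column; in the safe variant the same bytes are stored as an ordinary string.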