![pen-test logo](/images/pen-test-logo.png)
Penetration Testing mailing list archives
JSP and SQL Injection
From: vijay.upadhyaya () gmail com
Date: 9 May 2007 21:12:13 -0000
Was wondering if SQL Injection will work on the web app using JSP. I remember faintly that Java has some inbuilt checks on query break but not too sure, is there any way to bypass that ? Any pointers will be greatly appreciated. Currently on the User creation page for this application is taking input as ";" or " ' " or anything u input in the text box. Wanted to confirm if it is vulnerable to SQL INjection . Tried putting x' or 'a'='a' but app did not come up with syntex error which means that there is a check for query break ... let me know u r views on the same Regards, Vijay ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- JSP and SQL Injection vijay . upadhyaya (May 09)