Penetration Testing mailing list archives

JSP and SQL Injection


From: vijay.upadhyaya () gmail com
Date: 9 May 2007 21:12:13 -0000

Was wondering if SQL Injection will work on the web app using JSP.
I remember faintly that Java has some inbuilt checks on query break, but I'm not too sure. Is there any way to bypass that?
Any pointers will be greatly appreciated.
Currently the user creation page for this application is taking input as ";" or " ' " or anything you input in the text box.
Wanted to confirm if it is vulnerable to SQL injection.
Tried putting
x' or 'a'='a'
but the app did not come up with a syntax error, which means that there is a check for query break ...
Let me know your views on the same.
Regards, 
Vijay
