Dailydave mailing list archives
RE: Perl/Mysql Sql Injection
From: "Victor Chapela" <victor () sm4rt com>
Date: Fri, 8 Jul 2005 17:51:58 -0500
Kartik, The Perl side is mostly irrelevant for sql injecting into MySQL. The language is only important when they are using some kind of language-specific input validation. If no validation is in place, the problem is generally the same weather they have used PHP, VB or Perl. Mailing list archives are your best source but here are some links to get you started: http://www.nextgenss.com/papers/HackproofingMySQL.pdf www.websec.org/papers/charinjection.txt.html http://seclists.org/lists/bugtraq/2005/Feb/0288.html www.owasp.org/docroot/owasp/misc/Advanced_SQL_Injection.ppt www.4ngel.net/article/30.htm (in Chinese but you can get google to translate it) Regards, Victor Chapela
-----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Kartikeya Puri Sent: Friday, July 08, 2005 1:49 AM To: dailydave () lists immunitysec com Subject: [Dailydave] Perl/Mysql Sql Injection Hi, While doing a pen-test, I came across a situation where a web-application is using perl script for login validation. Input sanitization is not upto the mark but I could not find enough information on this combination. Can someone suggest some readings on this combinations testing and/or SQL injection on this combination. Regards, Kartik _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
http://www.sm4rt.com _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Perl/Mysql Sql Injection Kartikeya Puri (Jul 07)
- RE: Perl/Mysql Sql Injection Victor Chapela (Jul 08)