Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Perl/Mysql Sql Injection

From: "Victor Chapela" <victor () sm4rt com>
Date: Fri, 8 Jul 2005 17:51:58 -0500
Kartik,

The Perl side is mostly irrelevant for sql injecting into MySQL. The
language is only important when they are using some kind of
language-specific input validation. If no validation is in place, the
problem is generally the same weather they have used PHP, VB or Perl.
Mailing list archives are your best source but here are some links to get
you started:

http://www.nextgenss.com/papers/HackproofingMySQL.pdf
www.websec.org/papers/charinjection.txt.html
http://seclists.org/lists/bugtraq/2005/Feb/0288.html
www.owasp.org/docroot/owasp/misc/Advanced_SQL_Injection.ppt
www.4ngel.net/article/30.htm (in Chinese but you can get google to translate
it)

Regards,
Victor Chapela


-----Original Message-----
From: dailydave-bounces () lists immunitysec com 
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of 
Kartikeya Puri
Sent: Friday, July 08, 2005 1:49 AM
To: dailydave () lists immunitysec com
Subject: [Dailydave] Perl/Mysql Sql Injection

Hi,


While doing a pen-test, I came across a situation where a 
web-application is using perl script for login validation. 
Input sanitization is not upto the mark but I could not find 
enough information on this combination. Can someone suggest 
some readings on this combinations testing and/or SQL 
injection on this combination.

Regards,
Kartik
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave


http://www.sm4rt.com

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: